social
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The references/listening.md file contains several bash recipes that use curl, jq, and xmllint to fetch and process data from external social media platforms.
- [EXTERNAL_DOWNLOADS]: In references/listening.md, the skill recommends that the user install external software packages (jq and libxml2-utils) via system package managers like Homebrew (brew) or APT (apt).
- [DATA_EXFILTRATION]: The skill performs network operations to domains not included in the standard whitelist, such as reddit.com, hn.algolia.com, and public.api.bsky.app. While these are used for the stated purpose of social listening, they represent unauthorized network activity according to strict security guidelines.
- [PROMPT_INJECTION]: The 'Social Listening & Engagement Triage' workflow in references/listening.md creates a vulnerability to indirect prompt injection.
  - Ingestion points: The skill fetches untrusted text content (titles, post bodies, and comments) from Reddit, Hacker News, and Bluesky.
  - Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore potential instructions embedded within the fetched social media content.
  - Capability inventory: The skill has the ability to execute network commands (curl) and interact with a browser (dev-browser).
  - Sanitization: There is no evidence of content sanitization or validation performed on the external data before it is presented to the agent for scoring and drafting responses.
Audit Metadata