keyapi-facebook-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from public Facebook profiles and groups, which creates an attack surface for indirect prompt injection if the analyzed data contains malicious instructions intended to manipulate agent behavior.
- Ingestion points: Results retrieved from Facebook via the profile_posts, get_group_posts, and profile detail tools.
- Boundary markers: The current output format does not utilize specific delimiters or instructions to help the agent distinguish between its own guidelines and retrieved external content.
- Capability inventory: The skill has the capability to perform network requests and execute local scripts.
- Sanitization: No evidence of data sanitization or filtering of social media content was identified in the provided scripts.
- [EXTERNAL_DOWNLOADS]: The skill connects to the vendor's MCP server at mcp.keyapi.ai to facilitate Facebook data retrieval and resolution tasks.
- [COMMAND_EXECUTION]: Runs a local Node.js script (scripts/run.js) to coordinate tool calls, handle authentication with the KeyAPI service, and manage local response caching.
Audit Metadata