social-cli
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning the social-cli source code from github.com/letta-ai/social-cli.git and installing dependencies using pnpm install. These resources are provided by the author of the skill.
- [COMMAND_EXECUTION]: The skill operates by executing command-line instructions such as social-cli sync, social-cli check, and social-cli dispatch to interact with social media APIs and local YAML state files.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by design, as it fetches untrusted data from social media platforms intended for agent processing.
- Ingestion points: Untrusted notifications and feed data are pulled into inbox-*.yaml and feed.yaml files via the sync and feed commands.
- Boundary markers: The documentation does not specify the use of delimiters or safety instructions when passing fetched social media text to an AI agent.
- Capability inventory: The agent possesses capabilities to post, reply, follow, and delete content on social media, which could be exploited via malicious content in the inbox.
- Sanitization: The documentation does not describe any sanitization or validation of the fetched social media content before it is processed by the agent.
Audit Metadata