social-autoposter
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill reads sensitive information from local configuration and environment files, including social media handles and API keys for Moltbook.
- [DATA_EXFILTRATION]: The skill transmits post content and authorization tokens to the Moltbook API via curl commands.
- [PROMPT_INJECTION]: The skill includes instructions to mimic human behavior and evade AI detection, which involves deceptive directives and following mandatory metadata instructions.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface by ingesting and processing untrusted text from social media platforms. Ingestion points: External thread content and comments (SKILL.md). Boundary markers: None specified. Capability inventory: Browser automation, API interactions, and local database writes. Sanitization: No evidence of content sanitization before processing.
- [COMMAND_EXECUTION]: The skill runs local Python scripts and shell utilities to automate tasks and interact with the filesystem.
Audit Metadata