social-x-post-card

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references resources from well-known services, including Tailwind CSS via cdn.tailwindcss.com and fonts from fonts.googleapis.com. It also includes a reference to a GitHub repository belonging to the author (nexu-io).
  • [DATA_EXFILTRATION]: The instructions explicitly forbid the use of external image URLs and require all icons to be inline SVGs. This design choice prevents data exfiltration or user tracking that could occur through unauthorized remote asset requests.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided text to populate the post card templates, creating an injection surface.
      • Ingestion points: Data enters via the user prompt and content files such as example.md.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed data.
      • Capability inventory: The skill is limited to rendering static HTML/CSS cards and does not have access to command execution, file system modifications, or network-enabled tools.
      • Sanitization: The prompt instructs the agent to summarize input data into a concise format, which structurally transforms the ingested content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 02:15 PM