social-sentiment
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the mcporter utility to fetch social media data and poll for operation status.
- [EXTERNAL_DOWNLOADS]: Downloads social media datasets in CSV format from mcp.xpoz.ai and installs the mcporter package from the npm registry.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted text from social media platforms.
- Ingestion points: Social media posts are fetched via mcporter calls defined in SKILL.md.
- Boundary markers: Absent; there are no instructions to wrap external content in delimiters or to ignore embedded instructions.
- Capability inventory: The skill includes Python execution (pandas) and tool-based network access.
- Sanitization: Absent; the logic performs keyword matches directly on the retrieved post content without validation.
Audit Metadata