efecto-social-media
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @efectoapp/mcp package from the npm registry using npx.
- [REMOTE_CODE_EXECUTION]: The installation process for various IDEs (Claude Code, Cursor, Windsurf) involves executing the @efectoapp/mcp package directly to run the MCP server.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from an external search service. \n
- Ingestion points: External image metadata and attributes from the Lummi search engine (SKILL.md) \n
- Boundary markers: Absent; there are no instructions to the agent to treat search results as untrusted content \n
- Capability inventory: 46 design tools including artboard creation, node modification, and image exporting (SKILL.md) \n
- Sanitization: Absent; the documentation does not describe any validation or escaping of external content prior to use in design tools.
Audit Metadata