efecto-social-media

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @efectoapp/mcp package from the npm registry using npx.
  • [REMOTE_CODE_EXECUTION]: The installation process for various IDEs (Claude Code, Cursor, Windsurf) involves executing the @efectoapp/mcp package directly to run the MCP server.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data from an external search service. \n
  • Ingestion points: External image metadata and attributes from the Lummi search engine (SKILL.md) \n
  • Boundary markers: Absent; there are no instructions to the agent to treat search results as untrusted content \n
  • Capability inventory: 46 design tools including artboard creation, node modification, and image exporting (SKILL.md) \n
  • Sanitization: Absent; the documentation does not describe any validation or escaping of external content prior to use in design tools.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 12:12 PM
Security Audit — agent-trust-hub — efecto-social-media