benchmark-to-brief

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The download_videos_from_manifest_with_ytdlp.mjs script fetches external video assets based on URLs provided in a JSON manifest using the well-known yt-dlp utility.
  • [COMMAND_EXECUTION]: The skill performs subprocess execution using child_process.spawn to run python3 -m yt_dlp. This is used to programmatically download and verify media files as part of the production workflow.
  • [CREDENTIALS_UNSAFE]: The postplus_cli_config.mjs module accesses the local PostPlus configuration directory to read config.json. It retrieves session tokens, account identifiers, and API base URLs to authenticate the agent with the vendor's cloud platform.
  • [PROMPT_INJECTION]: The skill processes research artifacts, such as master tables and comment analyses, which represents an indirect prompt injection surface.
    • Ingestion points: SKILL.md (research artifacts) and download_videos_from_manifest_with_ytdlp.mjs (manifest file).
    • Boundary markers: The skill includes instructional constraints in SKILL.md (the 'Fact Rule') requiring fact-grounding, but does not implement programmatic delimiters in its data-handling scripts.
    • Capability inventory: The skill has the ability to execute shell commands (yt-dlp), perform file system operations (saving videos and reports), and make network requests via vendor-provided libraries.
    • Sanitization: Subprocess calls in the downloader script use argument arrays, which prevents shell command injection from malicious manifest data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 07:44 AM