pattern-router

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs fetches media from arbitrary URLs specified in a manifest file using the yt-dlp tool.
  • [COMMAND_EXECUTION]: The skill runtime utilizes node:child_process to execute external binaries, including python3 (to run the yt-dlp module) and ffmpeg (to generate preview videos), which increases the potential attack surface if inputs are manipulated.
  • [CREDENTIALS_UNSAFE]: The file _postplus_shared/00-core/shared-runtime/scripts/lib/postplus_cli_config.mjs manages sensitive session tokens (cliSessionToken) by reading and writing them in plain text to the local configuration directory (e.g., ~/.config/postplus/config.json).
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied 'briefs' to drive narrative routing decisions. It lacks explicit boundary markers or instructions to ignore embedded commands, creating a surface for indirect prompt injection.
      • Ingestion points: SKILL.md (brief input) and download_videos_from_manifest_with_ytdlp.mjs (manifest source URLs).
      • Boundary markers: Absent.
      • Capability inventory: Shell execution (python3, ffmpeg), network requests (https), and file system writes across the shared runtime.
      • Sanitization: No explicit sanitization or validation of the brief text content is performed before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 17, 2026, 07:44 AM