Skills
skills/postplusai/postplus-skills/persona-pack/Gen Agent Trust Hub

persona-pack

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script download_videos_from_manifest_with_ytdlp.mjs executes python3 -m yt_dlp via Node's spawn to download video content. This is a standard and expected operation for a media production skill.
  • [EXTERNAL_DOWNLOADS]: The skill downloads media files from external URLs provided in manifest files. It also fetches data and uploads assets to the vendor's infrastructure at api.postplus.com. These operations are well-documented and necessary for the skill's functionality.
  • [DATA_EXFILTRATION]: The skill manages authentication by reading and writing session tokens to the user's local configuration directory (e.g., ~/.config/postplus/config.json). Access is restricted to the vendor's own configuration and is used exclusively for communicating with the PostPlus Cloud API.
  • [PROMPT_INJECTION]: The SKILL.md file contains robust instructions designed to ensure personas are grounded in factual research rather than AI hallucinations. It specifically requires separating direct observations from prompt generation guidance to maintain data integrity.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 07:44 AM
Security Audit — agent-trust-hub — persona-pack