Skills
skills/postplusai/postplus-skills/social-media-extractor/Gen Agent Trust Hub

social-media-extractor

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the yt_dlp module using the python3 command as a subprocess. This is used to download media files from social media platforms as specified in a manifest file. The execution uses spawn with an argument array, which safely prevents shell command injection.
  • [EXTERNAL_DOWNLOADS]: The script download_videos_from_manifest_with_ytdlp.mjs fetches media content from external social media URLs. This is the primary intended function of the skill for extracting public data.
  • [SAFE]: The skill manages local session tokens and configuration settings within the user's home directory (e.g., in .config/postplus or AppData/Roaming/postplus). These are standard practices for CLI-based agents to maintain authentication and state with their respective cloud backends.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 07:52 PM