social-media-publisher

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Shared runtime scripts utilize the Node.js "spawn" API to execute system utilities including "ffmpeg" and "yt-dlp". These tools are employed for media generation and retrieval as part of the workspace's functional pipeline.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading media from remote sources using the "yt-dlp" utility. The target URLs are sourced from project manifest files processed by "download_videos_from_manifest_with_ytdlp.mjs".
  • [DATA_EXFILTRATION]: The "upload_file.mjs" script enables the reading and transmission of local files to the PostPlus publishing service. Although used for social media assets, this capability constitutes a functional surface for file system access.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists in the "postplus_workspace_runtime.mjs" logic, which automatically ingests content from files in the "assets/texts" directory into the agent's context. Evidence chain: 1. Ingestion point: "handleExternalMarkdownEdit" reads "assets/texts/*.md". 2. Boundary markers: Absent. 3. Capability inventory: Remote post creation and file uploads. 4. Sanitization: Text is parsed into blocks via regex but lacks isolation from control logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 02:14 AM
Security Audit — agent-trust-hub — social-media-publisher