social-media-publisher
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Shared runtime scripts utilize the Node.js "spawn" API to execute system utilities including "ffmpeg" and "yt-dlp". These tools are employed for media generation and retrieval as part of the workspace's functional pipeline.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading media from remote sources using the "yt-dlp" utility. The target URLs are sourced from project manifest files processed by "download_videos_from_manifest_with_ytdlp.mjs".
- [DATA_EXFILTRATION]: The "upload_file.mjs" script enables the reading and transmission of local files to the PostPlus publishing service. Although used for social media assets, this capability constitutes a functional surface for file system access.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists in the "postplus_workspace_runtime.mjs" logic, which automatically ingests content from files in the "assets/texts" directory into the agent's context. Evidence chain: 1. Ingestion point: "handleExternalMarkdownEdit" reads "assets/texts/*.md". 2. Boundary markers: Absent. 3. Capability inventory: Remote post creation and file uploads. 4. Sanitization: Text is parsed into blocks via regex but lacks isolation from control logic.
Audit Metadata