social-media-publisher

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawn to execute yt_dlp via python3 for downloading media. This is implemented using an arguments array, which is a secure practice that prevents shell command injection.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of media from external URLs for social media posts. This is a primary function of the skill and is handled via established tools like yt-dlp or the platform's hosted storage service.
  • [DATA_EXFILTRATION]: No unauthorized exfiltration was detected. All network operations are restricted to the PostPlus platform's infrastructure or authorized cloud storage providers for media uploads via a hosted bridge.
  • [PROMPT_INJECTION]: While the skill processes user-supplied JSON requests and external media URLs, which represents an indirect prompt injection surface, this risk is mitigated by a mandatory 'Execution Approval' system. Sensitive operations require an explicit --execute flag and a matching approval artifact (SHA256 digest), ensuring human oversight for all publishing actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 07:52 PM