sourcing-selection
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows standard vendor patterns for orchestration and data synthesis. Technical analysis of the components revealed no security concerns:
- Core Instructions:
SKILL.mddefines a clear orchestration logic for research tasks without any prompt injection or bypass attempts. - Shared Runtime: The scripts in
_postplus_sharedconstitute a standard runtime environment for thePostPlusAIvendor, implementing legitimate features like configuration management in~/.config/postplusand authorized communication with vendor APIs. - Media Downloads: The video download script uses the well-known
yt_dlptool via safe process spawning, which is consistent with the skill's purpose for marketplace research. - Data Handling: Sensitive information such as session tokens is managed through standard CLI configuration practices. All network operations use the vendor's own infrastructure or established marketplaces.
Audit Metadata