facebook-leads
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill requires access to the user's active Facebook session, which is facilitated through session cookies. This allows the agent to read group content and member lists that are otherwise private or restricted to logged-in users.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from Facebook posts and comments. This creates a surface area for indirect prompt injection, where malicious content within a Facebook thread could attempt to influence the agent's logic.
  - Ingestion points: Content is retrieved from external Facebook URLs via scripts like @reduck/facebook.com/list_posts and @reduck/facebook.com/get_post_engagement.
  - Boundary markers: There are no explicit instructions in the prompt to treat the retrieved content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has access to sensitive 'write' capabilities, such as @reduck/facebook.com/post_to_group and @reduck/facebook.com/add_friend.
  - Sanitization: No specific sanitization or filtering of the retrieved Facebook data is described.
- [COMMAND_EXECUTION]: The skill documentation references the use of the reduck local --cookies command to provide the necessary session data. While this is an external prerequisite rather than a command executed directly by the skill script, it highlights the high level of access the agent has to the user's social media identity.
Audit Metadata