competitor-social-research

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill manages secrets securely by requiring the SCRAPECREATORS_API_KEY to be provided as an environment variable rather than hardcoded.
  • [SAFE]: All referenced API endpoints and documentation links are within the domain of the skill author (scrapecreators.com).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests untrusted third-party data from various social media platforms.
  • Ingestion points: Profile data, post captions, transcripts, and comments are fetched from platforms like TikTok, Instagram, YouTube, LinkedIn, Facebook, X, Threads, and Bluesky (referenced in SKILL.md).
  • Boundary markers: No specific delimiters or instructions for the agent to ignore instructions embedded in the external content are present.
  • Capability inventory: The skill is granted access to the Bash, Read, Write, and WebFetch tools.
  • Sanitization: No explicit sanitization or filtering of the fetched social media content is defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:55 AM
Security Audit — agent-trust-hub — competitor-social-research