competitor-social-research
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages secrets securely by requiring the
SCRAPECREATORS_API_KEYto be provided as an environment variable rather than hardcoded. - [SAFE]: All referenced API endpoints and documentation links are within the domain of the skill author (
scrapecreators.com). - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests untrusted third-party data from various social media platforms.
- Ingestion points: Profile data, post captions, transcripts, and comments are fetched from platforms like TikTok, Instagram, YouTube, LinkedIn, Facebook, X, Threads, and Bluesky (referenced in
SKILL.md). - Boundary markers: No specific delimiters or instructions for the agent to ignore instructions embedded in the external content are present.
- Capability inventory: The skill is granted access to the
Bash,Read,Write, andWebFetchtools. - Sanitization: No explicit sanitization or filtering of the fetched social media content is defined in the instructions.
Audit Metadata