social-orchestrator
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns of system prompt extraction, safety filter bypass, or instruction override were detected. The persona-based instructions ('Diretor de Comunicacao Digital') are within the expected operational scope for a social media assistant.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file path access (e.g., .ssh, .env), or unauthorized network exfiltration. The skill references legitimate integrations for Instagram, Telegram, and WhatsApp APIs.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface where it ingests untrusted data for processing.
  - Ingestion points: User-provided content strings and media through the /Publish_All and /Campaign commands in SKILL.md.
  - Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands in the source content.
  - Capability inventory: Uses the instagram, telegram, and whatsapp-cloud-api tools to perform network operations (publishing).
  - Sanitization: No explicit sanitization or validation of the input content is described before adaptation and cross-platform distribution.
- [OBFUSCATION]: No hidden content, Base64 encoding of commands, zero-width characters, or homoglyph attacks were identified in the document.
- [REMOTE_CODE_EXECUTION]: No remote script downloads or dynamic code execution patterns (like eval or subprocess calls) were found in the provided instruction file.
- [METADATA_POISONING]: The metadata fields in the YAML frontmatter are consistent with the skill's stated purpose. The 'risk: critical' field appears to be a user-defined classification for business criticality rather than a security warning.
Audit Metadata