publisher
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads data from files within the
outputs/andcontext/directories (such as brand style guidelines and generated content) and transmits this information to the external Blotato service (blotato.com) to facilitate visual generation and social media scheduling. - [COMMAND_EXECUTION]: The skill makes extensive use of Blotato MCP tools to perform automated actions on external social media accounts, including
blotato_create_postandblotato_create_visual. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external files in the
outputs/directory without applying sanitization or boundary markers. This could allow maliciously crafted content from previous pipeline steps to influence the publisher's actions. - Ingestion points: Reads from
outputs/linkedin/,outputs/threads/,outputs/x/, andoutputs/captions/directories. - Boundary markers: Absent. Content is used directly for visual generation and captions.
- Capability inventory: Includes network-enabled social media posting and visual generation via the Blotato MCP server.
- Sanitization: Absent. The skill does not validate or escape the content before passing it to the scheduling tools.
Audit Metadata