threads-writer
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE]: The skill reads several local files to gather context, including
context/brand-style.md,context/content-calendar.md,context/best-performers.md, and the agent-specific configuration file.claude/product-marketing-context.md. - [EXTERNAL_DOWNLOADS]: It incorporates the
FirecrawlMCP tool (mcp__firecrawl__firecrawl_scrape) to fetch content from external Threads profiles for tone and engagement analysis. - [COMMAND_EXECUTION]: The skill manages its own output by creating the
outputs/threads/directory and writing generated content files to the local file system. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external web sources and local files that may contain instructions designed to influence the agent's behavior.
- Ingestion points: External data is retrieved via
Firecrawlscraping, and local data is read from thecontext/directory. - Boundary markers: There are no instructions provided to wrap external or user-provided content in delimiters or to ignore embedded instructions within that data.
- Capability inventory: The skill has the ability to read and write files, create directories, and perform network requests through configured MCP tools.
- Sanitization: The skill does not define any methods for validating, filtering, or escaping content retrieved from external sources before it is added to the prompt context.
Audit Metadata