marketing-social

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a social listening workflow (in references/listening.md) that fetches and processes untrusted data from external platforms such as Reddit, Hacker News, and Bluesky. This external data could contain malicious instructions intended to manipulate the agent's scoring or comment drafting behavior.
  • Ingestion points: The agent is instructed to fetch content from the public web using curl recipes or a browser tool in references/listening.md and references/listening-sources-template.md.
  • Boundary markers: There are no explicit markers or instructions provided to the agent to treat this external content as untrusted data or to ignore potential instructions embedded within it.
  • Capability inventory: The skill has access to shell execution (curl, jq) and browser automation (dev-browser).
  • Sanitization: There are no mentions of sanitizing, filtering, or escaping the external text before it is processed by the agent.
  • [COMMAND_EXECUTION]: The file references/listening.md provides several bash command templates using curl, jq, and xmllint. While these are targeted at reputable public APIs for data retrieval, the use of shell commands with user-defined keyword parameters involves a risk of command injection if not handled carefully by the agent and the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — marketing-social