marketing-social
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes a social listening workflow (in
references/listening.md) that fetches and processes untrusted data from external platforms such as Reddit, Hacker News, and Bluesky. This external data could contain malicious instructions intended to manipulate the agent's scoring or comment drafting behavior. - Ingestion points: The agent is instructed to fetch content from the public web using
curlrecipes or a browser tool inreferences/listening.mdandreferences/listening-sources-template.md. - Boundary markers: There are no explicit markers or instructions provided to the agent to treat this external content as untrusted data or to ignore potential instructions embedded within it.
- Capability inventory: The skill has access to shell execution (
curl,jq) and browser automation (dev-browser). - Sanitization: There are no mentions of sanitizing, filtering, or escaping the external text before it is processed by the agent.
- [COMMAND_EXECUTION]: The file
references/listening.mdprovides several bash command templates usingcurl,jq, andxmllint. While these are targeted at reputable public APIs for data retrieval, the use of shell commands with user-defined keyword parameters involves a risk of command injection if not handled carefully by the agent and the user.
Audit Metadata