Automated Content Generation Pipeline Skill
Automates content generation by scraping viral posts and creating original scripts, captions, and schedules for social media.
Install this skill
Security score
The Automated Content Generation Pipeline Skill skill was audited on Mar 3, 2026 and we found 44 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 191 | const prompt = ` |
Template literal with variable interpolation in command context
| 240 | const prompt = ` |
Template literal with variable interpolation in command context
| 284 | const prompt = ` |
Template literal with variable interpolation in command context
| 341 | const prompt = ` |
Template literal with variable interpolation in command context
| 402 | const scheduledTime = new Date(`${day.date}T${post.time}:00`); |
Template literal with variable interpolation in command context
| 409 | profile_ids: [process.env[`BUFFER_${post.platform.toUpperCase()}_ID`]], |
Template literal with variable interpolation in command context
| 413 | { headers: { Authorization: `Bearer ${BUFFER_TOKEN}` } } |
Template literal with variable interpolation in command context
| 428 | console.log(`ā Scheduled: [${post.platform}] ${day.date} ${post.time}`); |
Template literal with variable interpolation in command context
| 442 | console.log(`\nš Content Pipeline started ā ${new Date().toISOString()}`); |
Template literal with variable interpolation in command context
| 450 | console.log(` ā ${viralContent.length} viral posts collected`); |
Template literal with variable interpolation in command context
| 456 | console.log(` ā ${hookAnalysis.hookPatterns.length} hook patterns identified`); |
Template literal with variable interpolation in command context
| 457 | console.log(` š” Key insight: ${hookAnalysis.keyInsight}`); |
Template literal with variable interpolation in command context
| 463 | console.log(` ā ${scripts.scripts.length} scripts generated`); |
Template literal with variable interpolation in command context
| 469 | console.log(` ā Captions written for ${captions.posts.length} posts`); |
Template literal with variable interpolation in command context
| 477 | console.log(` ā ${calendar.weekSummary.totalPosts} posts scheduled for the week`); |
Template literal with variable interpolation in command context
| 481 | console.log(` ā¢ Viral posts scraped: ${report.postsScraped}`); |
Template literal with variable interpolation in command context
| 482 | console.log(` ā¢ Hook patterns found: ${report.hookPatterns}`); |
Template literal with variable interpolation in command context
| 483 | console.log(` ā¢ Scripts generated: ${report.scriptsGenerated}`); |
Template literal with variable interpolation in command context
| 484 | console.log(` ā¢ Posts scheduled: ${report.totalPostsScheduled}`); |
Template literal with variable interpolation in command context
| 485 | console.log(` ā¢ Best day this week: ${calendar.weekSummary.bestDayToPost}`); |
Template literal with variable interpolation in command context
| 486 | console.log(` ā¢ Strategy: ${calendar.weekSummary.strategy}`); |
Webhook reference - potential data exfiltration
| 53 | ā ā Buffer ā Later ā Hootsuite ā Custom Webhook ā ā |
Webhook reference - potential data exfiltration
| 417 | // Or push to your own webhook / CMS |
Webhook reference - potential data exfiltration
| 418 | if (process.env.PUBLISH_WEBHOOK_URL) { |
Webhook reference - potential data exfiltration
| 419 | await axios.post(process.env.PUBLISH_WEBHOOK_URL, { |
Webhook reference - potential data exfiltration
| 524 | PUBLISH_WEBHOOK_URL=https://your-app.com/webhooks/publish |
Webhook reference - potential data exfiltration
| 527 | SLACK_WEBHOOK_URL=https://hooks.slack.com/services/xxx/xxx/xxx |
Access to .env file
| 93 | const apify = new ApifyClient({ token: process.env.APIFY_TOKEN }); |
Access to .env file
| 184 | 'x-api-key': process.env.CLAUDE_API_KEY, |
Access to .env file
| 398 | const BUFFER_TOKEN = process.env.BUFFER_ACCESS_TOKEN; |
Access to .env file
| 409 | profile_ids: [process.env[`BUFFER_${post.platform.toUpperCase()}_ID`]], |
Access to .env file
| 418 | if (process.env.PUBLISH_WEBHOOK_URL) { |
Access to .env file
| 419 | await axios.post(process.env.PUBLISH_WEBHOOK_URL, { |
Access to .env file
| 515 | # .env |
External URL reference
| 12 | > š Apify: https://www.apify.com/?fpr=dx06p |
External URL reference
| 64 | 1. Sign up at **https://www.apify.com/?fpr=dx06p** |
External URL reference
| 122 | { url: "https://www.reddit.com/r/Entrepreneur/" }, |
External URL reference
| 123 | { url: "https://www.reddit.com/r/productivity/" }, |
External URL reference
| 124 | { url: "https://www.reddit.com/r/personalfinance/" } |
External URL reference
| 182 | baseURL: 'https://api.anthropic.com/v1', |
External URL reference
| 406 | 'https://api.bufferapp.com/1/updates/create.json', |
External URL reference
| 524 | PUBLISH_WEBHOOK_URL=https://your-app.com/webhooks/publish |
External URL reference
| 527 | SLACK_WEBHOOK_URL=https://hooks.slack.com/services/xxx/xxx/xxx |
External URL reference
| 576 | - **Apify** account ā https://www.apify.com/?fpr=dx06p |