x-twitter-browser-ops
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to parse and process untrusted data from X/Twitter profiles (such as display names and bios) via browser response observers. This creates a potential surface for indirect prompt injection, where an attacker could place malicious instructions in their X profile to influence the agent's behavior when the data is processed.
- Ingestion points: GraphQL list responses parsed in the 'Collection Workflow' section of SKILL.md.
- Boundary markers: No explicit delimiters are specified for the interpolation of collected text into the agent's context, though output sanitization is mentioned.
- Capability inventory: The skill uses browser automation (navigation and response observation) and file-system access (writing CSV, Markdown, and HTML files) across the workflow in SKILL.md.
- Sanitization: The skill provides specific instructions in SKILL.md to escape JSON special characters (<, >, &) as Unicode escapes when embedding data into HTML artifacts to prevent cross-site scripting (XSS) and injection.
- [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to utilize PowerShell for data formatting tasks, specifically using 'ConvertTo-Json' to prepare collected data for embedding in HTML dashboards.
Audit Metadata