x-twitter-browser-ops

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to parse and process untrusted data from X/Twitter profiles (such as display names and bios) via browser response observers. This creates a potential surface for indirect prompt injection, where an attacker could place malicious instructions in their X profile to influence the agent's behavior when the data is processed.
  • Ingestion points: GraphQL list responses parsed in the 'Collection Workflow' section of SKILL.md.
  • Boundary markers: No explicit delimiters are specified for the interpolation of collected text into the agent's context, though output sanitization is mentioned.
  • Capability inventory: The skill uses browser automation (navigation and response observation) and file-system access (writing CSV, Markdown, and HTML files) across the workflow in SKILL.md.
  • Sanitization: The skill provides specific instructions in SKILL.md to escape JSON special characters (<, >, &) as Unicode escapes when embedding data into HTML artifacts to prevent cross-site scripting (XSS) and injection.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to utilize PowerShell for data formatting tasks, specifically using 'ConvertTo-Json' to prepare collected data for embedding in HTML dashboards.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 08:18 PM
Security Audit — agent-trust-hub — x-twitter-browser-ops