x-mastery-mentor

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a feature to scrape and analyze up to 100 tweets from X/Twitter profiles (Scenario E). This process introduces a surface for Indirect Prompt Injection, where malicious instructions embedded in the scraped tweets could attempt to override the agent's behavior during the analysis or report generation phase.
    • Ingestion points: Data is ingested from external Twitter profiles via scraping in SKILL.md (Scenario E).
    • Boundary markers: The instructions do not specify any delimiters or safety constraints to prevent the agent from following instructions found within the scraped content.
    • Capability inventory: The agent has the ability to write to the local filesystem (user-data/), navigate the web using computer-use, and generate HTML reports.
    • Sanitization: There is no evidence of sanitization or filtering applied to the external text before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill relies on automated browser tools and the javascript_tool to interact with external web pages and extract data. In Scenario E, it specifically uses computer-use to navigate and screenshot pages, and claude-in-chrome to extract DOM elements and execute scripts. While these are platform-provided tools, their application on untrusted third-party websites represents a controlled but relevant execution risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 28, 2026, 03:00 PM