x-mastery-mentor
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a feature to scrape and analyze up to 100 tweets from X/Twitter profiles (Scenario E). This process introduces a surface for Indirect Prompt Injection, where malicious instructions embedded in the scraped tweets could attempt to override the agent's behavior during the analysis or report generation phase.
- Ingestion points: Data is ingested from external Twitter profiles via scraping in `SKILL.md` (Scenario E).
- Boundary markers: The instructions do not specify any delimiters or safety constraints to prevent the agent from following instructions found within the scraped content.
- Capability inventory: The agent has the ability to write to the local filesystem (`user-data/`), navigate the web using `computer-use`, and generate HTML reports.
- Sanitization: There is no evidence of sanitization or filtering applied to the external text before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill relies on automated browser tools and the `javascript_tool` to interact with external web pages and extract data. In Scenario E, it specifically uses `computer-use` to navigate and screenshot pages, and `claude-in-chrome` to extract DOM elements and execute scripts. While these are platform-provided tools, their application on untrusted third-party websites represents a controlled but relevant execution risk.
Audit Metadata