he4rt-marketing-extension
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone or download the extension source code from external sources to install it in developer mode.
- [DATA_EXFILTRATION]: Contains code snippets for intercepting and transmitting social media engagement data, such as tweet metrics and user profiles, to a remote API endpoint via webhooks.
- [COMMAND_EXECUTION]: Provides documentation for a Laravel command-line interface used to ingest exported JSON data files into a database.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from X/Twitter.
  1. Ingestion points: Intercepts GraphQL responses captured in interceptor.js.
  2. Boundary markers: None present.
  3. Capability inventory: Local file system writes and network API calls.
  4. Sanitization: No explicit sanitization of captured social media content is described.
Audit Metadata