x-keyword-comment
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user content from X to generate automated replies.
- Ingestion points:
scripts/scan-search-tweets.pycaptures tweet text into thetweetSnippetvariable from the live search results. - Boundary markers: The instructions lack explicit delimiters or instructions to the agent to disregard malicious commands embedded within the fetched tweets.
- Capability inventory: The skill utilizes the
browser-acttool to perform browser-based actions like text input and button clicks, which could be abused if the agent is manipulated. - Sanitization: There is no evidence of filtering or sanitization of the tweet text before it is used as context for reply generation.
- [COMMAND_EXECUTION]: The skill relies on executing local Python scripts to generate JavaScript code that is subsequently evaluated in the browser.
- Evidence: The execution flow uses
eval "$(python scripts/scan-search-tweets.py)"andclick-reply.pyto bridge Python-based logic with browser automation commands. - [SAFE]: The skill interacts with X.com, which is a well-known service. It provides clear documentation on operational risks, such as rate limits and account suspension, and uses the author's own browser automation tool.
Audit Metadata