x-keyword-comment

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user content from X to generate automated replies.
      • Ingestion points: scripts/scan-search-tweets.py captures tweet text into the tweetSnippet variable from the live search results.
      • Boundary markers: The instructions lack explicit delimiters or instructions to the agent to disregard malicious commands embedded within the fetched tweets.
      • Capability inventory: The skill utilizes the browser-act tool to perform browser-based actions like text input and button clicks, which could be abused if the agent is manipulated.
      • Sanitization: There is no evidence of filtering or sanitization of the tweet text before it is used as context for reply generation.
  • [COMMAND_EXECUTION]: The skill relies on executing local Python scripts to generate JavaScript code that is subsequently evaluated in the browser.
      • Evidence: The execution flow uses eval "$(python scripts/scan-search-tweets.py)" and click-reply.py to bridge Python-based logic with browser automation commands.
  • [SAFE]: The skill interacts with X.com, which is a well-known service. It provides clear documentation on operational risks, such as rate limits and account suspension, and uses the author's own browser automation tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 04:39 AM