x-tweet-by-handle
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
scripts/build-profile-url.pyandscripts/parse-tweets.py) using the bash tool to handle URL construction and data extraction from network captures. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted content (tweet text and metadata) from X user profiles.
- Ingestion points: Raw network response data is saved to
tmp/x-profile-page-N.txtand processed byscripts/parse-tweets.py. - Boundary markers: While the data is returned in a structured JSON format, the instructions do not explicitly warn the agent to ignore or isolate instructions that may be embedded within the scraped tweet content.
- Capability inventory: The skill employs
browser-actfor navigation and network monitoring, andbashfor running local processing scripts. - Sanitization: The Python scripts use standard JSON parsing to extract fields and do not execute or evaluate the content of the tweets.
Audit Metadata