x-tweet-by-handle

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/build-profile-url.py and scripts/parse-tweets.py) using the bash tool to handle URL construction and data extraction from network captures.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted content (tweet text and metadata) from X user profiles.
  • Ingestion points: Raw network response data is saved to tmp/x-profile-page-N.txt and processed by scripts/parse-tweets.py.
  • Boundary markers: While the data is returned in a structured JSON format, the instructions do not explicitly warn the agent to ignore or isolate instructions that may be embedded within the scraped tweet content.
  • Capability inventory: The skill employs browser-act for navigation and network monitoring, and bash for running local processing scripts.
  • Sanitization: The Python scripts use standard JSON parsing to extract fields and do not execute or evaluate the content of the tweets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 11:21 AM
Security Audit — agent-trust-hub — x-tweet-by-handle