x-tweet-search-by-query
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs two local Python scripts,
scripts/build-search-url.pyandscripts/parse-tweets.py, to generate search URLs and process captured JSON data. These scripts are safe and do not interact with the network or sensitive files.- [PROMPT_INJECTION]: The skill handles data from an external source (X.com), which introduces a surface for indirect prompt injection. - Ingestion points: Raw network response data saved to
tmp/x-search-page-N.txt. - Boundary markers: The process outputs structured JSON data.
- Capability inventory: The skill uses Python for parsing and bash for script execution.
- Sanitization: The scripts extract specific JSON fields for normalization but do not sanitize text strings against prompt injection attacks.- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill relies on the user's existing browser session and respects session-based authentication.
Audit Metadata