x-tweet-search-by-query

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs two local Python scripts, scripts/build-search-url.py and scripts/parse-tweets.py, to generate search URLs and process captured JSON data. These scripts are safe and do not interact with the network or sensitive files.- [PROMPT_INJECTION]: The skill handles data from an external source (X.com), which introduces a surface for indirect prompt injection.
  • Ingestion points: Raw network response data saved to tmp/x-search-page-N.txt.
  • Boundary markers: The process outputs structured JSON data.
  • Capability inventory: The skill uses Python for parsing and bash for script execution.
  • Sanitization: The scripts extract specific JSON fields for normalization but do not sanitize text strings against prompt injection attacks.- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill relies on the user's existing browser session and respects session-based authentication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 11:21 AM
Security Audit — agent-trust-hub — x-tweet-search-by-query