x-tweet-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script to generate JavaScript code that is subsequently run in the browser. This is the intended mechanism for data extraction and operates within the local environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts and processes untrusted tweet data from X.
- Ingestion points: Tweet text and metadata are scraped from the DOM in
scripts/extract-tweets.py. - Boundary markers: No explicit markers are used to separate scraped content from agent instructions.
- Capability inventory: The agent has access to browser automation and shell tools.
- Sanitization: No sanitization of the scraped tweet content is performed before it enters the agent context.
Audit Metadata