x-tweet-search

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script to generate JavaScript code that is subsequently run in the browser. This is the intended mechanism for data extraction and operates within the local environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts and processes untrusted tweet data from X.
  • Ingestion points: Tweet text and metadata are scraped from the DOM in scripts/extract-tweets.py.
  • Boundary markers: No explicit markers are used to separate scraped content from agent instructions.
  • Capability inventory: The agent has access to browser automation and shell tools.
  • Sanitization: No sanitization of the scraped tweet content is performed before it enters the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — x-tweet-search