last30days
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from multiple external sources.
- Ingestion points: The skill pulls content from Reddit threads, X posts, Hacker News stories, YouTube transcripts, and TikTok/Instagram captions via modules like
scripts/lib/openai_reddit.py,scripts/lib/xai_x.py,scripts/lib/youtube_yt.py,scripts/lib/tiktok.py, andscripts/lib/instagram.py. - Capability inventory: The agent executing the skill has access to powerful tools including
Bash,Read,Write, andWebSearch. - Sanitization: Content is truncated for length, but the skill lacks explicit mechanisms to sanitize ingested text for hidden instructions or adversarial patterns designed to manipulate the LLM's synthesis or subsequent actions.
- [COMMAND_EXECUTION]: The skill orchestrates multiple local scripts and system binaries to perform research tasks.
- Orchestration:
scripts/last30days.pyusessubprocessto run Node.js for a vendored Twitter client (scripts/lib/bird_x.py) andyt-dlpfor YouTube processing (scripts/lib/youtube_yt.py). - Safety: All subprocess calls use list-style arguments rather than shell strings, mitigating standard shell injection vulnerabilities despite processing user-supplied topic strings.
- Sensitivity: The vendored X search client (
scripts/lib/vendor/bird-search/) includes functionality to read browser cookie databases (Safari/Chrome/Firefox) on the local machine to authenticate requests to X.
Audit Metadata