last30days

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from multiple external sources.
  • Ingestion points: The skill pulls content from Reddit threads, X posts, Hacker News stories, YouTube transcripts, and TikTok/Instagram captions via modules like scripts/lib/openai_reddit.py, scripts/lib/xai_x.py, scripts/lib/youtube_yt.py, scripts/lib/tiktok.py, and scripts/lib/instagram.py.
  • Capability inventory: The agent executing the skill has access to powerful tools including Bash, Read, Write, and WebSearch.
  • Sanitization: Content is truncated for length, but the skill lacks explicit mechanisms to sanitize ingested text for hidden instructions or adversarial patterns designed to manipulate the LLM's synthesis or subsequent actions.
  • [COMMAND_EXECUTION]: The skill orchestrates multiple local scripts and system binaries to perform research tasks.
  • Orchestration: scripts/last30days.py uses subprocess to run Node.js for a vendored Twitter client (scripts/lib/bird_x.py) and yt-dlp for YouTube processing (scripts/lib/youtube_yt.py).
  • Safety: All subprocess calls use list-style arguments rather than shell strings, mitigating standard shell injection vulnerabilities despite processing user-supplied topic strings.
  • Sensitivity: The vendored X search client (scripts/lib/vendor/bird-search/) includes functionality to read browser cookie databases (Safari/Chrome/Firefox) on the local machine to authenticate requests to X.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 04:53 PM
Security Audit — agent-trust-hub — last30days