community-notes
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill references an external JavaScript file, src/communityNotes.js, which contains the actual logic but was not provided for security review.
- [SAFE]: The documentation and configuration patterns are consistent with the stated purpose of managing Community Notes via browser automation.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests untrusted data from X.com.
  - Ingestion points: The skill reads tweet text and existing Community Notes directly from the browser DOM at x.com via the src/communityNotes.js script.
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit embedded commands within the fetched content.
  - Capability inventory: Performs DOM manipulation and browser-based actions (view, write, rate) on x.com.
  - Sanitization: Absent. No explicit sanitization or validation of the ingested content is described in the provided instructions.