octolens
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes content fetched from external platforms like Twitter and Reddit. Since this content is user-generated and untrusted, it could contain adversarial instructions (Indirect Prompt Injection) designed to manipulate the agent's behavior.
- Ingestion points: Mention data is retrieved through 'scripts/fetch-mentions.js', 'scripts/query-mentions.js', and 'scripts/advanced-query.js'.
- Boundary markers: The skill instructions do not specify the use of delimiters or "ignore instructions" warnings when the agent processes the retrieved mention text.
- Capability inventory: The skill utilizes Node.js scripts to perform network requests and read responses from an external API.
- Sanitization: No explicit sanitization or filtering of the fetched mention bodies is described before the data is presented to the agent.
- [EXTERNAL_DOWNLOADS]: The 'scripts/README.md' file provides instructions for installing Node.js from NodeSource, a well-known service provider.
Audit Metadata