x-integration

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's behavior aligns with its stated purpose of providing X integration via browser automation.
  • [COMMAND_EXECUTION]: The host-side handler (host.ts) executes local automation scripts using hardcoded paths and restricted input mapping, which prevents arbitrary command execution on the host machine.
  • [DATA_EXFILTRATION]: Interactions with X.com are the primary function of the skill. Authentication is handled via a local Chrome profile (data/x-browser-profile/), and sensitive session data is not sent to unauthorized third-party domains. The skill documentation correctly identifies the need to exclude this profile from version control.
  • [PROMPT_INJECTION]: Potential indirect prompt injection risks are mitigated by the implementation of user group restrictions ('main group only') and input validation for tweet content before it is processed by the automation scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:39 AM