scrapesocial-x
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'scrapesocial' package via NPM (
npm install -g scrapesocial). This tool is the primary interface used by the skill for data retrieval. - [PROMPT_INJECTION]: The skill is designed to ingest and process data from external X (Twitter) URLs, which presents a surface for potential indirect prompt injection. Ingestion points: Data is retrieved from user profiles, post content, and community discussions via the
scrapesocialCLI. Boundary markers: The instructions do not specify any delimiters or safety prompts to isolate untrusted scraped data from agent instructions. Capability inventory: The skill uses the CLI to fetch metadata, post details, and transcripts for analysis and NLP tasks. Sanitization: No explicit sanitization or validation of the retrieved content is mentioned before it is processed by the agent.
Audit Metadata