tweet-series-extractor
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a standard web scraping workflow using authorized browser automation tools to collect public data from a well-known service (X.com). The operations, including navigation and link extraction via JavaScript, are consistent with the skill's stated purpose.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from X.com into the agent's context.
- Ingestion points: Page text and DOM data are retrieved from X.com using the get_page_text and read_page tools as described in SKILL.md.
- Boundary markers: The workflow lacks explicit delimiters or instructions to the agent to treat the retrieved tweet content as untrusted data or to ignore embedded instructions.
- Capability inventory: The agent has access to browser navigation, DOM reading, and JavaScript execution via the mcp__claude-in-chrome__ toolset.
- Sanitization: There is no evidence of content sanitization or validation of the retrieved tweet data before it is processed or presented in the output JSON structure.
Audit Metadata