last30days
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection through the ingestion of untrusted external content. Evidence: Ingestion points include Reddit threads, X posts, Hacker News stories, and YouTube transcripts collected via various scripts and aggregated in `scripts/last30days.py`. Boundary markers are absent in the `SKILL.md` instructions, which do not contain delimiters or directions to ignore commands within research data. Capability inventory: The agent has access to powerful tools including `Bash`, `WebSearch`, `Read`, and `Write`, providing a significant surface for exploitation if an injection occurs. Sanitization: Gathered content is presented to the agent without sanitization or filtering of potential instructions.
- [COMMAND_EXECUTION]: Local script and subprocess management. The skill uses the `Bash` tool to run `scripts/last30days.py`. This script further executes several external utilities and scripts via subprocesses, including `yt-dlp` for YouTube data and a vendored Node.js client for X.com searches. Additionally, the `scripts/sync.sh` script uses `sed` to dynamically modify skill metadata files during deployment.
- [CREDENTIALS_UNSAFE]: Access to sensitive personal data and local storage of secrets. The research engine is designed to extract session cookies from browser profile databases (Chrome, Safari, Firefox) to facilitate authentication with X.com. While this is a core component of its 'free X search' feature, it involves accessing sensitive credential storage. The skill also manages and reads multiple API keys stored in a plain-text configuration file at `~/.config/last30days/.env`.
Audit Metadata