x-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from X (tweets and bookmarks) and Notion pages to generate AI-powered digests and rewrites, creating a surface for indirect prompt injection.
  - Ingestion points: The skill reads tweet data from local JSON archives (e.g., in `scripts/analyze.ts`) and fetches page content from the Notion API (in `scripts/notion.ts`).
  - Boundary markers: The instructions for the rewriting sub-agent in `SKILL.md` do not specify the use of boundary markers or instructions to disregard potential commands embedded within the processed content.
  - Capability inventory: The skill possesses the capability to perform network requests to X, Notion, and Discord APIs, and has write access to the local file system for archiving data and generating reports.
  - Sanitization: The implementation includes basic text cleaning (whitespace removal and truncation) but lacks semantic sanitization to identify or neutralize instructions hidden within the tweet text.
Audit Metadata