promote-on-x
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes content from external X (Twitter) posts.
- Ingestion points: Reads post content and replies from x.com during Phase 2 (Opportunity Discovery).
- Boundary markers: Lacks delimiters or specific instructions to ignore embedded commands within processed tweets.
- Capability inventory: Browser automation via claude-in-chrome, local file access (package.json, README.md), and file writing (/tmp logs).
- Sanitization: No explicit sanitization or filtering of external post content is performed before generating replies.
- [EXTERNAL_DOWNLOADS]: Instructs the user to install the writing plugin from an external marketplace.
- [COMMAND_EXECUTION]: Uses the claude-in-chrome MCP server for browser navigation and interaction. It also utilizes javascript_tool for code injection to manage text input and bypass platform-specific keyboard shortcuts.
Audit Metadata