web-search-advanced-tweet
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): This skill is designed to ingest and process untrusted external data from Twitter/X. 1. Ingestion points: Data enters via the web_search_advanced_exa tool as defined in SKILL.md. 2. Boundary markers: None are present to separate untrusted content from agent instructions. 3. Capability inventory: The skill distills and merges search results but contains no direct shell-execution or file-writing capabilities in the provided instructions. 4. Sanitization: No sanitization or filtering of the retrieved content is specified.
- Mitigation (INFO): The 'Token Isolation' section correctly identifies the risk of context contamination and prescribes using sub-agents to process external data, which is an effective defensive design pattern.
Audit Metadata