x-webmcp
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local environment using tools like
uxc,x-webmcp-cli, andnpx. It provides a scriptensure-links.shto configure links to the underlying web bridge. - [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to download browser binaries via
npx playwright install, which is a standard procedure for browser automation tools. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it reads content from X and possesses the ability to post data back to the platform.
- Ingestion points: External data is ingested through tools like
timeline.home.list,search.tweets.list, andgrok.chatas specified inSKILL.md. - Boundary markers: No boundary markers or special instructions are defined to protect against instructions embedded in fetched X content.
- Capability inventory: The skill includes tools for creating and replying to tweets (
tweet.create,tweet.reply) and publishing markdown articles. - Sanitization: There are no explicit sanitization steps mentioned for the data retrieved from X APIs or web pages.
Audit Metadata