novita-social-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external social media accounts without sanitization.\n
- Ingestion points: Fetches account bios and tweet content using the
twitterapitool (SKILL.md).\n - Boundary markers: Lacks explicit delimiters or instructions for the agent to disregard potential commands hidden in the fetched data.\n
- Capability inventory: The skill can execute shell commands, perform network data retrieval, and write to a local state file (~/.novita-monitor/state.json).\n
- Sanitization: There is no evidence of filtering or escaping fetched content before it is processed by the agent's logic.
Audit Metadata