x-cdp-scraper
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The script contains a hardcoded Twitter Bearer Token in scripts/cdp_tweet_fetcher.py and scripts/fetch_articles.py. While this is a known public token used by the Twitter web client, it is hardcoded as a static string in the source code.
- [DATA_EXFILTRATION]: The skill performs sensitive data access by extracting the auth_token and ct0 (CSRF) cookies from the user's browser via a Playwright CDP connection. These cookies are used to authenticate direct HTTP requests to Twitter's internal GraphQL endpoints.
- [COMMAND_EXECUTION]: Instructions in SKILL.md require the user to execute shell commands to launch their browser with the --remote-debugging-port flag enabled, which allows the skill's scripts to connect to and control the active browser session and its data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from an external platform. Ingestion points: data enters the system via Twitter's GraphQL API responses in cdp_tweet_fetcher.py and fetch_articles.py. Boundary markers: none; the skill does not use delimiters or provide instructions to the agent to ignore embedded commands in the scraped content. Capability inventory: the skill has the capability to write files to the local disk and make outbound network requests via httpx. Sanitization: the skill converts Draft.js content to Markdown but does not perform sanitization or escaping of the raw tweet text before saving it to JSON or Markdown reports.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the playwright and httpx Python packages from standard registries and fetches the Chromium browser binary via Playwright. These are documented as well-known dependencies.
Audit Metadata