xclaw
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from social media platforms (X/Twitter), which creates a surface for indirect prompt injection attacks.
- Ingestion points: Data is ingested from the pro.xclaw.info API in xclaw.js, which fetches tweets, profile bios, and other user-generated content.
- Boundary markers: The output is provided as structured JSON, but there are no explicit boundary markers or instructions to the agent to disregard commands embedded within the fetched social media text.
- Capability inventory: The skill is granted Bash, Read, and Write permissions. If an agent follows instructions found within a fetched tweet, it could lead to unauthorized file operations or command execution.
- Sanitization: The script performs basic HTML tag removal for tweet abstracts using regex, but it does not sanitize for linguistic prompt injection patterns in the full text or metadata fields.
Audit Metadata