blocking-muting-management
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external social media profiles to trigger automated account actions.
  - Ingestion points: The scripts read content from `x.com/USERNAME/followers`, user timelines, and search results as described in `SKILL.md`.
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are mentioned in the detection logic.
  - Capability inventory: The documented scripts can perform automated `block`, `unblock`, `mute`, `unmute`, and `report spam` actions using DOM selectors like `[data-testid="block"]`.
  - Sanitization: The bot detection heuristics (e.g., bio keywords) lack sanitization or validation of the input content.
- [COMMAND_EXECUTION]: The documentation describes scripts that programmatically interact with the browser's Document Object Model (DOM) to automate navigation and click-based actions on the X platform.
- [DATA_EXFILTRATION]: The scripts read and process user-specific data, including follower lists, account metadata (age, follower counts), and tweet content to execute their management functions.
- [NO_CODE]: The skill references multiple JavaScript files in a `src/` directory (e.g., `massBlock.js`, `blockBots.js`, `muteByKeywords.js`) and a global `window.XActions` object, but the source code for these scripts is not included in the provided files.
Audit Metadata