bookmarks-management
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates the extraction of extensive personal data from X/Twitter bookmarks, including private content, media, and metadata, which is then exported to local files. While the export is local, the large-scale harvesting of user data represents a potential exposure risk if the resulting files are handled insecurely by the agent.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted content from social media posts.
  - Ingestion points: scripts/scrapeBookmarks.js and src/bookmarkOrganizer.js ingest tweet text via the [data-testid="tweetText"] selector.
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the documentation.
  - Capability inventory: The skill includes file system writes (CSV/JSON exports) and browser automation via Puppeteer (src/bookmarkManager.js).
  - Sanitization: There is no mention of sanitizing or validating the scraped tweet content before processing or exporting.
Audit Metadata