business-ads
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill defines logic across multiple external files, including
src/businessTools.js,src/tweetABTester.js, andsrc/autoPlugReplies.js, but the contents of these scripts were not provided for security verification. - [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from X (Twitter), which creates a surface for indirect prompt injection. Malicious instructions embedded in follower bios or brand mentions could potentially influence the agent's behavior. • Ingestion points: Follower biographies and brand mentions are processed by
src/businessTools.js. • Boundary markers: No delimiters or protective instructions (e.g., "ignore embedded commands") are specified in the documentation. • Capability inventory: The skill utilizes Puppeteer for browser automation and includes write capabilities such as automated promotional replies viasrc/autoPlugReplies.js. • Sanitization: There is no evidence of data validation or sanitization of the social media content before it is processed or used in automation.
Audit Metadata