community-management
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
NO_CODE PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill references several local source files (src/leaveAllCommunities.js, src/joinCommunities.js, src/engagementBooster.js, and src/audienceDemographics.js) which are not included in the provided analysis package.
- [PROMPT_INJECTION]: The documentation describes a process for scraping and acting upon untrusted external data, which introduces a surface for indirect prompt injection.
  - Ingestion points: The joinCommunities.js script scrapes community names and descriptions directly from the X/Twitter discovery page (x.com/i/communities/suggested).
  - Boundary markers: No boundary markers or delimiters are mentioned in the documentation to help distinguish between descriptive metadata and potentially malicious instructions embedded in community names.
  - Capability inventory: The skill is designed to perform automated DOM actions on a social media platform, including clicking Join and Leave buttons and interacting with community members.
  - Sanitization: There is no description of content sanitization or validation of the community strings before they are processed by the keyword matching logic.
Audit Metadata