direct-messages
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (flags: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill processes incoming messages from X/Twitter, which serve as untrusted external inputs. This creates a surface for indirect prompt injection where malicious instructions embedded in DMs could manipulate the agent's actions.
  - Ingestion points: `src/dmManager.js` reads conversation content and message requests.
  - Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can send personalized DMs and export conversation history.
  - Sanitization: There is no evidence of content sanitization or validation before processing message data.
- [NO_CODE]: The skill references source files `src/sendDirectMessage.js` and `src/dmManager.js`, which contain the executable logic for interacting with the browser's DOM. These files are missing from the provided content, limiting the analysis to the metadata and documentation.
Audit Metadata