discovery-explore
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The metadata field 'author' identifies the creator as 'nichxbt', which conflicts with the provided author context of 'nirholas'. This discrepancy suggests potential metadata poisoning or impersonation of a known social media entity.- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted third-party data from X/Twitter, creating a vulnerability to indirect prompt injection.
- Ingestion points: The skill scrapes content from the X/Twitter explore page, search results, and trending hashtag pages.
- Boundary markers: The provided documentation does not include any instructions or delimiters to help the agent distinguish between its system prompts and potentially malicious instructions embedded in scraped tweets or trends.
- Capability inventory: The skill is part of a larger workflow that includes composing new threads and tracking performance, providing an avenue for injected instructions to influence the agent's outbound communication.
- Sanitization: There is no evidence of filtering, escaping, or validation being performed on the scraped content before it is processed by the AI agent.- [NO_CODE]: The provided package contains only the SKILL.md documentation file. All functional components, including the JavaScript browser scripts and MCP tool implementations referenced in the text (such as 'src/trendingTopicMonitor.js' and 'scripts/scrapeSearch.js'), are missing.
Audit Metadata