notifications-management

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
NO_CODE, PROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill references multiple script files (e.g., src/notificationManager.js, scripts/scrapeNotifications.js, src/welcomeNewFollowers.js, src/engagementLeaderboard.js) that are not provided in the skill package.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (X/Twitter notifications and user bios) to generate or customize automated messages, creating an indirect prompt injection surface.
      • Ingestion points: Scraped notification text from x.com/notifications and follower bios from x.com/USERNAME/followers.
      • Boundary markers: There are no specified delimiters or instructions to ignore commands within the ingested data.
      • Capability inventory: The strategy guide indicates the agent reviews and customizes message templates based on the content of external bios and notifications.
      • Sanitization: No validation or sanitization of the external content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 09:53 AM