spaces-live
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill documentation references external JavaScript files (src/spacesManager.js, src/scrapeSpaces.js, src/keywordMonitor.js, and src/engagementBooster.js) that were not included in the provided file. This prevents verification of the underlying script logic.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of untrusted data from X/Twitter. (1) Ingestion points: Data is collected from X search results, timelines, and Space metadata. (2) Boundary markers: No delimiters or instructions to ignore embedded commands are defined. (3) Capability inventory: The skill is intended to join live audio sessions, request to speak, and manage interactions. (4) Sanitization: No validation or sanitization of external content is described.
Audit Metadata