x-trends
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The tool performs outbound network requests to getdaytrends.com to fetch trending data. While this domain is not on the predefined whitelist, the behavior is expected given the skill's purpose. No sensitive user data or system credentials are involved.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted HTML content from an external website and passes it to the output.
- Ingestion points: HTML data retrieved from https://getdaytrends.com/ within index.js.
- Boundary markers: None; the output does not use delimiters to isolate external data from the agent's context.
- Capability inventory: Low risk; the skill's capabilities are limited to displaying information and do not include file system modifications or command execution.
- Sanitization: None; the script extracts raw text from the source website via cheerio without additional filtering for instructions.
Audit Metadata