x-founder-operations
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external text from X (Twitter) during its daily operations and review cycles.
  - Ingestion points: Data enters the system via `scripts/x_data_validator.py`, which is designed to process output from the agent's timeline and tweet information tools.
  - Boundary markers: The instructions do not define clear boundaries or provide explicit directives to the agent to disregard instructions embedded within the tweet content itself.
  - Capability inventory: An audit of `scripts/analytics_reporter.py`, `scripts/content_planner.py`, and `scripts/x_data_validator.py` confirms that the skill lacks dangerous capabilities such as network requests, file writes, or shell command execution.
  - Sanitization: While the validation workflow ensures numeric and structural integrity, it does not include sanitization filters for natural language content to prevent the execution of instructions found in external data.