threads-engagement
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to manage and inject highly sensitive authentication data, specifically session cookies (sessionid, ds_user_id, csrftoken, etc.), from a local file path (~/.hermes/browser-sessions/threads.json). It provides explicit templates for injecting these values directly into the browser context using console commands.
- [COMMAND_EXECUTION]: The skill directs the agent to use `browser_console` to execute arbitrary JavaScript for session restoration and complex file upload tasks (e.g., creating File objects from Base64 data and using DataTransfer to bypass standard UI limitations). While these are functional requirements, they represent powerful dynamic execution capabilities.
- [PROMPT_INJECTION]: The skill is designed to ingest and respond to untrusted external data from Threads feeds, notifications, and profiles. It lacks explicit boundary markers or sanitization logic to isolate this external content from the agent's core instructions.
  - Ingestion points: Threads activity feed, post content, and user replies.
  - Boundary markers: Absent; instructions do not use delimiters to wrap external text.
  - Capability inventory: Includes browser navigation, snapshots, typing, clicking, and console execution across Threads.net.
  - Sanitization: None provided; the agent is instructed to match the language and vibe of the untrusted source directly.