ct-alpha
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches real-time data from the X API v2 (api.x.com). This is a well-known service and the network calls are used to perform the skill's primary research function.
- [COMMAND_EXECUTION]: The installation script install.ts uses Bun.spawn to execute a test search using the skill's own CLI logic. This is a local execution scoped to verifying the setup and API connectivity.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its ingestion of untrusted data from X.
  - Ingestion points: lib/api.ts retrieves tweet content from the external X API.
  - Boundary markers: Tweets are formatted with credibility labels (e.g., [WATCHLIST]) and markdown in lib/format.ts to distinguish content from instructions.
  - Capability inventory: The agent can execute CLI commands via ct-search.ts, and the install.ts script demonstrates subprocess spawning capabilities.
  - Sanitization: Content is truncated and formatted in lib/format.ts, but there is no specific sanitization to prevent the agent from following instructions embedded within tweets.