scrapesocial-x
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install an external dependency, the scrapesocial NPM package, globally to perform its primary functions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from external sources (X posts and video transcripts) without explicit sanitization or boundary markers.
  1. Ingestion points: Data enters the context via x profiles get, x posts, x posts get, x transcript, and x communities posts from file SKILL.md.
  2. Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the ingested content.
  3. Capability inventory: The skill utilizes the scrapesocial CLI to fetch external data across all workflow examples in SKILL.md.
  4. Sanitization: There is no documented validation or escaping of the retrieved social media content before processing.
Audit Metadata