x-trends
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill parses and displays content from an external website, creating a surface for indirect prompt injection.
- Ingestion points: index.js fetches HTML content from getdaytrends.com.
- Boundary markers: Absent; external text is printed directly to the console.
- Capability inventory: No dangerous capabilities identified; the script only uses console output and lacks file writing or command execution.
- Sanitization: Absent; trend names are not filtered for instruction markers.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): All dependencies are standard, well-known npm packages. No remote code execution or script downloading was detected.
Audit Metadata