twitter-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill extracts content from external tweets which may contain malicious instructions designed to manipulate the agent's logic once the data is processed.
  - Ingestion points: The parse_tweets_from_html function in scripts/scraper.py ingests HTML content from the external xcancel.com domain.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore embedded commands when the data is passed back to the agent or formatted in format_tweets_for_report.
  - Capability inventory: The skill is designed to work with an automated browser tool and has access to the local file system to save scraped data.
  - Sanitization: The _clean_html function in scripts/scraper.py performs basic HTML tag stripping and entity decoding but does not sanitize the resulting text for instruction-like strings or adversarial natural language content.
Audit Metadata