skills/zuttam/business-growth-mp/x/Gen Agent Trust Hub

x

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH | CREDENTIALS_UNSAFE | PROMPT_INJECTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill is designed to manage and utilize raw X (Twitter) credentials. It instructs the user to store cleartext usernames and passwords in a local configuration file (community-pulse/skills/x/.env.profiles.local). The agent then reads these credentials and uses the Browser MCP to programmatically fill authentication forms. Storing and processing raw passwords through an AI agent significantly increases the risk of accidental exposure or leakage into the model's context or logs.
  • PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface. It ingests untrusted data from X (tweets, bios, and search results) via the research.md action and uses this data to inform its engage.md action.
      • Ingestion points: references/research.md (via read_page and get_page_text on X search and profile pages).
      • Boundary markers: Absent. The skill does not define clear delimiters or instructions to ignore embedded commands in the scraped content.
      • Capability inventory: The skill has the capability to post content (replies, tweets, quote tweets) to X using the Browser MCP.
      • Sanitization: Absent. There is no mention of filtering or sanitizing the content retrieved from X before it is used to draft proposed replies.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 11:28 AM