twitter-to-binance-square

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs its stated function using legitimate vendor and official service APIs. No malicious patterns such as obfuscation or persistence were detected.
  • [CREDENTIALS_UNSAFE]: The skill correctly uses environment variables (TWITTER_TOKEN, SQUARE_API_KEY) for authentication. No hardcoded credentials or secrets were found in the source code.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from Twitter via scripts/auto_mirror.py. While the script treats this data as raw text, there is an inherent risk that malicious tweets could attempt to influence the agent during the content transformation or preview stages. However, the script employs regex-based sanitization and structured templating which reduces the risk of accidental instruction following.
  • [EXTERNAL_DOWNLOADS]: The script makes network requests to ai.6551.io and binance.com. The ai.6551.io domain belongs to the skill's author (6551team) and represents a vendor-specific API proxy, which is a neutral finding.
  • [COMMAND_EXECUTION]: The skill involves a Python script for automation but does not utilize dangerous functions like eval(), exec(), or os.system() to process user-controlled input.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 03:41 PM