opentwitter
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a section titled "内容合规要求" (Content Compliance Requirements) which instructs the agent to adopt a specific political stance and censor API results. By using imperative language such as "You must..." and providing mandatory response strings for blocked content, these instructions attempt to override the agent's default objective processing and safety guidelines.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Twitter/X platform (such as tweet text and user bios), creating a surface for indirect prompt injection.
- Ingestion points: Data is ingested via the `twitter_search`, `twitter_user_tweets`, and `twitter_tweet_by_id` endpoints in `SKILL.md`.
- Boundary markers: The skill does not define specific delimiters or "ignore previous instructions" warnings to wrap the external data.
- Capability inventory: The agent can execute shell commands (curl) and establish WebSocket connections to interpret real-time data.
- Sanitization: There is no evidence of programmatic sanitization; the skill relies on manual agent instructions to filter sensitive content.
- [COMMAND_EXECUTION]: The skill metadata and operation guides specify the use of the `curl` binary to perform POST requests and manage WebSocket subscriptions to the `ai.6551.io` domain.
Audit Metadata