twitter-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to configure a remote MCP server at
https://rube.app/mcp. This domain is not included in the specified list of trusted external providers. Remote MCP servers provide the execution logic and tool definitions for the agent, which could be altered by the third-party provider without user oversight. - PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its interaction with public Twitter data.
- Ingestion points: Untrusted data is retrieved from Twitter via
TWITTER_RECENT_SEARCH,TWITTER_USER_LOOKUP_BY_USERNAME, andTWITTER_BOOKMARKS_BY_USERas defined inSKILL.md. - Boundary markers: The instructions do not provide delimiters or clear warnings to the agent to distinguish between its system instructions and potential instructions embedded in tweets.
- Capability inventory: The skill grants the agent extensive write permissions, including
TWITTER_CREATION_OF_A_POST,TWITTER_POST_DELETE_BY_POST_ID, andTWITTER_UNLIKE_POST. - Sanitization: No methods for sanitizing, escaping, or validating the content fetched from Twitter are mentioned, allowing malicious instructions in tweets to potentially influence the agent's next actions.
Audit Metadata