my-fetch-tweet
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch data from api.fxtwitter.com. This is a well-known open-source utility (FxEmbed) used to access Twitter content in a format suitable for processing.
- [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface because it processes untrusted data from an external source (X/Twitter).
  - Ingestion points: Data is ingested via the FxEmbed API response as described in SKILL.md.
  - Boundary markers: The instructions do not include specific delimiters or 'ignore embedded instructions' warnings to prevent the agent from accidentally following commands found within the tweet text.
  - Capability inventory: The skill uses the WebFetch tool for network data retrieval. It does not utilize subprocess execution, file writing, or other high-privilege capabilities.
  - Sanitization: There is no evidence of sanitization or filtering of the external tweet text before it is passed to the translation and summary pipeline.
- [NO_CODE]: No executable script files or source code were provided with this skill; it consists entirely of instructional documentation and API interaction patterns.
Audit Metadata