tweet-ideas
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [Prompt Injection] (LOW): The `/tweets style` and `/tweets feature` commands allow for arbitrary string input. These could be leveraged for prompt injection to manipulate agent behavior, although the scope is limited to text generation styling.
- [Data Exposure & Exfiltration] (LOW): Several commands, such as `/tweets project <path>` and `/tweets changelog <path>`, accept arbitrary file paths. This introduces a potential path traversal vulnerability where the agent might be prompted to access sensitive local files if input validation is not enforced by the underlying implementation.
- [Indirect Prompt Injection] (LOW): The skill's primary function involves processing untrusted data from external project files.
  - Ingestion points: Reads content from `CHANGELOG.md`, `README.md`, and `package.json` at user-defined paths.
  - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are documented in the skill definition.
  - Capability inventory: File read operations are performed on the specified paths.
  - Sanitization: No sanitization or validation of the file content is mentioned prior to interpolation into the generation prompt.
Audit Metadata