twitter-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python script `scripts/search_twitter.py` intended for local execution to interact with the Apify API. Analysis of the code shows it performs legitimate search and data retrieval tasks.
- [EXTERNAL_DOWNLOADS]: The skill requires the `requests` Python library, which is a standard and well-known package for making HTTP requests.
- [DATA_EXFILTRATION]: The script communicates with `api.apify.com` to perform its scraping tasks. This is the official API endpoint for Apify, a well-known web scraping service. It uses an API token provided by the user via environment variables or CLI arguments, following standard security practices for secret management.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (tweets) retrieved from the internet. This data is presented to the user/agent in JSON or summary format, and the skill does not execute any part of the tweet content. Subsequent agent actions based on this content should still be monitored for indirect instructions.
  - Ingestion points: Tweet data is fetched in `scripts/search_twitter.py` from the Apify dataset API.
  - Boundary markers: None present in the formatted summary output.
  - Capability inventory: Network access via `requests` to Apify API.
  - Sanitization: The script performs keyword filtering and deduplication but does not sanitize the text content of the tweets.
Audit Metadata