x-tweet-search

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
  • [PERSISTENCE]: The scripts/setup.sh script provides instructions that modify the user's shell profile (~/.zshrc) to store the X_BEARER_TOKEN. While this is for legitimate configuration, it utilizes a persistence mechanism to maintain environment variables across sessions.
  • [INDIRECT_PROMPT_INJECTION]: The skill fetches raw content from X/Twitter, an untrusted external source. The retrieved data is returned to the agent without sanitization or boundary markers, which could allow malicious instructions embedded in tweets to influence the agent's behavior.
    • Ingestion points: Fetches data from https://api.x.com/2/tweets/search/recent in scripts/search.sh.
    • Boundary markers: Absent; the script returns raw JSON output directly to the agent context.
    • Capability inventory: The skill uses curl and jq via Bash, with the ability to perform network requests.
    • Sanitization: None; the tweet content is passed through without filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:39 AM