twitter-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from Twitter, making it a potential surface for indirect prompt injection attacks.
- Ingestion points: Data enters via
TWITTER_RECENT_SEARCH,TWITTER_FULL_ARCHIVE_SEARCH, and user lookup tools. - Boundary markers: None. The instructions do not define delimiters or specific safety warnings to prevent the agent from following instructions embedded in tweets.
- Capability inventory: The skill allows the agent to create posts, delete posts, and manage bookmarks, which could be exploited if an injection is successful.
- Sanitization: No sanitization or validation of external tweet content is specified before the agent processes it.
- [No Code] (SAFE): The skill consists solely of markdown instructions. There are no executable scripts, binaries, or configuration files that could facilitate direct remote code execution or unauthorized local file system access.
Audit Metadata