twitter-reader
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file utilizes dynamic context injection via the
!commandpattern to execute shell commands likecommand -v opencliandopencli doctorat load time. While used for diagnostic purposes, this mechanism allows for silent local command execution upon opening the skill.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of@jackwener/opencli, a global npm package from a third-party source that is not associated with a verified or well-known organization.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes raw, unverified data from Twitter (tweets, search results, profiles). It lacks explicit boundary markers or sanitization logic to protect the agent from adversarial instructions embedded in social media content. \n - Ingestion points: Twitter search results, timelines, and user profiles retrieved via opencli.\n
- Boundary markers: None specified in the instructions for processing retrieved content.\n
- Capability inventory: Shell command execution via opencli subprocess calls.\n
- Sanitization: None present.
Audit Metadata