Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill uses `twitter-cli` to automatically extract session cookies from browser profiles (Chrome, Arc, Edge, Firefox, Brave) to authenticate with Twitter/X without API keys. It also encourages setting environment variables like `TWITTER_AUTH_TOKEN` and `TWITTER_CT0`, which contain sensitive session data.
- [COMMAND_EXECUTION]: The documentation suggests running `security unlock-keychain ~/Library/Keychains/login.keychain-db` on macOS. This command allows the CLI tool to decrypt cookies but also lowers the security posture of the system keychain.
- [EXTERNAL_DOWNLOADS]: The skill's setup process involves installing `twitter-cli` from an external source via `uv tool install twitter-cli`. This introduces a dependency on a third-party tool (jackwener/twitter-cli) that is not part of the trusted vendor list.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from Twitter (tweets, search results, and profiles).
  - Ingestion points: Data enters through the `twitter feed`, `twitter search`, and `twitter user-posts` commands in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands in the fetched data are present.
  - Capability inventory: The agent can execute system commands via `twitter-cli`, write output to files using `-o`, and perform network operations to x.com.
  - Sanitization: There is no evidence of sanitization or filtering of the fetched tweet content before it is presented to the agent for analysis.
Audit Metadata