twitter-automation
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads an installation script from the vendor's domain at cli.inference.sh.
- [REMOTE_CODE_EXECUTION]: The instructions direct the user to execute a shell script retrieved via curl and piped to sh for the purpose of installing the infsh CLI tool.
- [COMMAND_EXECUTION]: The skill makes extensive use of the infsh CLI tool via Bash to perform social media actions such as tweeting and following users.
- [PROMPT_INJECTION]: The skill processes user-supplied data that is interpolated into command arguments, which represents a surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through JSON-formatted input strings provided as arguments to the infsh app run commands in SKILL.md.
- Boundary markers: The skill uses JSON objects to structure the user input, providing a basic boundary between data and command logic.
- Capability inventory: The skill is authorized to use the infsh CLI (via allowed-tools), which has the capability to perform network requests to the Twitter/X API.
- Sanitization: There is no evidence of explicit sanitization or validation of the user-provided text content before it is processed by the CLI tool.
Audit Metadata