twitter-thread-creation
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Remote Code Execution (HIGH): The skill instructs the user or agent to execute
curl -fsSL https://cli.inference.sh | sh. This pattern is highly dangerous as it downloads and executes a script with current user privileges from an external server. The source domaininference.shis not among the verified trusted organizations. - External Downloads (MEDIUM): The skill uses
npx skills addto download additional skills from theinference-shorganization. Whilenpxis a standard tool, the source is unverifiable and untrusted, potentially leading to the execution of malicious logic. - Command Execution (MEDIUM): The skill performs multiple shell executions using the
infshbinary to interact with external APIs (Twitter, browser, search). This grants the skill broad capabilities to interact with the system and network based on instruction-driven inputs. - Indirect Prompt Injection (LOW): The skill processes untrusted input for tweet generation and web searching without proper sanitization or boundary markers.
- Ingestion points:
SKILL.mdcontains multiple instances where user-provided text is passed intoinfsh app runcommands (e.g.,x/post-create,tavily/search-assistant). - Boundary markers: Absent. The inputs are directly interpolated into JSON strings within shell commands.
- Capability inventory: The skill can execute subprocesses to post content to social media, take screenshots via a headless browser, and perform web searches.
- Sanitization: Absent. There is no evidence of escaping or validation of the input strings before they are passed to the CLI tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata