twitter-thread-creation
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads an installation script from
https://cli.inference.sh. This domain is the official resource for theinfshcommand-line tool provided by the vendor. - [REMOTE_CODE_EXECUTION]: The installation process involves piping a remote script to a shell (
curl | sh). While this pattern is often scrutinized, in this context, it is the authorized method for installing the vendor's own software. - [COMMAND_EXECUTION]: The skill utilizes the
infshCLI to execute various tasks such as posting to social media, performing web searches, and capturing browser screenshots. These commands are integral to the skill's stated purpose. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its ability to ingest and process data from the web.
- Ingestion points: External content is brought into the agent context via the
tavily/search-assistantandinfsh/agent-browsertools. - Boundary markers: No explicit delimiters are used to separate external data from system instructions in the provided examples.
- Capability inventory: The skill can post to external platforms (Twitter/X) using the
x/post-createtool. - Sanitization: There is no evidence of content filtering or sanitization of the external data before it is used for thread generation.
Audit Metadata