twitter-thread-creation
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references CLI installation instructions and supplementary skills from the author's official GitHub repository, facilitating standard environment setup.
- [COMMAND_EXECUTION]: The skill uses the
infshcommand-line utility via Bash to interact with the platform and execute content-related tasks. - [DATA_EXFILTRATION]: The skill involves network interactions with the X/Twitter API and Tavily search services to post content and perform research.
- [PROMPT_INJECTION]: The skill ingests data from external sources via
tavily/search-assistantandinfsh/agent-browser(ingestion points in SKILL.md), lacks explicit boundary markers for these inputs, and maintains capabilities such as content posting and skill addition (capability inventory in SKILL.md) without visible sanitization logic. This represents an indirect prompt injection surface.
Audit Metadata