twitter-thread-creation
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill integrates tools such as
infsh/agent-browserandtavily/search-assistantwhich ingest content from the live web. This creates a surface for indirect prompt injection, where malicious instructions hidden on external websites or in search results could attempt to influence the agent's output or tool usage. - Ingestion points:
infsh/agent-browser(takes URL as input),tavily/search-assistant(takes search query as input). - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potential instructions embedded in the fetched data.
- Capability inventory: The agent can post content to Twitter (
x/post-create), generate images from HTML, and browse the web. - Sanitization: There is no evidence of sanitization or filtering applied to the data retrieved from external sources before it is processed.
- [COMMAND_EXECUTION]: The skill relies extensively on the
beltCLI tool to perform actions like posting tweets and running utility apps. While these are documented as standard operations for this skill's ecosystem, the use of shell commands to interact with external services is a primary capability. - [EXTERNAL_DOWNLOADS]: The documentation references an external installation script (
cli-install.md) and demonstrates adding additional skill packages from theinference-shGitHub repository usingnpx. These resources are hosted on a well-known service (GitHub) and are associated with the skill's authoring organization.
Audit Metadata