Skills
skills/jaxzhang-svg/novita-skills/twitterapi-cli/Gen Agent Trust Hub

twitterapi-cli

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the Twitter API, creating a vulnerability to indirect prompt injection.
  • Ingestion points: User bios, tweet text, and search results are retrieved from external sources via user info, user tweets, and tweet search commands.
  • Boundary markers: Responses are structured as JSON, which provides a data container but lacks specific instructions to the agent to treat the content as data rather than instructions.
  • Capability inventory: The skill fetches content from the network and provides it directly to the agent's context for processing.
  • Sanitization: No sanitization, escaping, or filtering of the retrieved text content is documented or demonstrated.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the external service API at api.twitterapi.io and references documentation at docs.twitterapi.io.
  • [NO_CODE]: The primary logic for the tool is contained in scripts/twitterapi, which is described as a standalone Bun binary but was not included in the provided files for security verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 02:30 PM