twitter-monitor

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements standard logic for fetching and formatting public social media data using the twitterapi.io API. It properly advises against committing secrets to source control.
  • [COMMAND_EXECUTION]: The instructions guide the agent to configure system scheduling tools such as cron or launchd for recurring execution. These operations are explicitly gated behind user confirmation and successful manual testing of the workflow.
  • [PROMPT_INJECTION]: The skill processes untrusted content (tweet text) from an external API. This presents a potential surface for indirect prompt injection if the agent later processes the collected records as instructions. The skill handles this risk by using structured data (JSON/CSV) for output and including deduplication logic.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions the use of feishu-cli for data synchronization. This is a recognized tool for integration with the Feishu/Lark productivity platform.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 02:54 AM