claw-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks.
  - Ingestion points: Untrusted tweet content is retrieved from external Nitter mirrors in scripts/timeline_fetcher.py.
  - Boundary markers: The prompt in scripts/attitude_analyzer.py does not use delimiters (like triple quotes or XML tags) or instructions to ignore embedded commands in the tweet text.
  - Capability inventory: The skill lacks dangerous execution capabilities such as eval, exec, or subprocess that could be triggered by injected content, but it can write to local JSON files.
  - Sanitization: No sanitization or validation is performed on the tweet text before it is interpolated into the AI prompt.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to external services.
  - It uses the Python standard library to connect to Nitter instances and various well-known AI provider APIs.
  - These operations are central to the skill's functionality but involve interaction with external infrastructure and third-party endpoints.
Audit Metadata