twitter-cli
Fail
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The tool performs automated extraction of session cookies from the local browser. This involves reading sensitive browser database files to retrieve active session tokens, which is a credential harvesting pattern that bypasses secure authentication methods like OAuth.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external third-party package
twitter-clivia theuvtool. This downloads and executes code from a remote source that is not verified in the context of this skill. - [COMMAND_EXECUTION]: The skill operates by executing shell commands (e.g.,
twitter search,twitter post) and requires the agent to modify the system'sPATHenvironment variable. - [DATA_EXFILTRATION]: The combination of harvested credentials (cookies) and network-facing operations (posting to Twitter) creates a high risk of sensitive data exposure or session hijacking.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: Untrusted data enters the agent context via
twitter searchandtwitter feedinSKILL.md. 2. Boundary markers: The instructions lack delimiters or warnings to ignore instructions inside retrieved tweets. 3. Capability inventory: The skill allows subprocess calls (twitter post,twitter delete) and file writes (-o/--output). 4. Sanitization: There is no evidence of sanitization or validation of the external content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata