twitter-search
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The wrapper script
scripts/run_search.shreads and parses~/.bashrcand~/.zshrcto extract theTWITTER_API_KEY. Accessing these files is risky as they often contain other sensitive credentials and environment variables. - [COMMAND_EXECUTION]: In
scripts/run_search.sh, the script usesevalon the output of agrepcommand targeting shell configuration files. This pattern can lead to arbitrary command execution if the configuration file contains maliciously crafted lines. - [EXTERNAL_DOWNLOADS]: The shell script
scripts/run_search.shautomatically triggerspip3 install requests --userif the dependency is missing, which constitutes an unverified runtime download of external code. - [DATA_EXFILTRATION]: The Python script
scripts/twitter_search.pytransmits the user's API key and search parameters to a non-whitelisted third-party domainhttps://api.twitterapi.io. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted tweet content from an external source.
- Ingestion points: Data enters the system via
scripts/twitter_search.pywhich fetches tweet text from the Twitter API. - Boundary markers: The instructions in
SKILL.mddo not specify the use of delimiters or 'ignore' instructions for the agent when processing the fetched tweet text. - Capability inventory: The skill has the capability to execute shell commands and perform network operations via
scripts/run_search.shandscripts/twitter_search.py. - Sanitization: There is no evidence of sanitization or filtering of the tweet content before it is passed to the agent for analysis and report generation.
Audit Metadata