twitter-reader
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests to r.jina.ai, which is a non-whitelisted third-party domain. While essential for the skill's purpose, this involves sending target URLs and the JINA_API_KEY to an external service.
- [Indirect Prompt Injection] (LOW): The skill fetches untrusted content from Twitter posts, which may contain malicious instructions designed to influence the agent.
- Ingestion points: Content is retrieved via scripts/fetch_tweet.py and scripts/fetch_tweets.sh using the Jina.ai API.
- Boundary markers: Absent. The retrieved content is returned as raw Markdown without delimiters or warnings.
- Capability inventory: The skill uses subprocess.run to execute curl (network-read) and Path.write_text to save content to a user-specified file (file-write).
- Sanitization: None. The skill does not filter or sanitize the Markdown content before it is presented to the agent.
- [Command Execution] (SAFE): The scripts use subprocess.run with argument lists and correctly quoted bash variables to execute curl. This prevents shell injection vulnerabilities and is the intended primary purpose of the skill.
Audit Metadata