Skills
skills/nousresearch/hermes-agent/xitter/Gen Agent Trust Hub

xitter

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install the x-cli tool directly from a third-party GitHub repository (https://github.com/Infatoshi/x-cli.git) using the uv package manager.
  • [REMOTE_CODE_EXECUTION]: The installation command uv tool install git+https://github.com/Infatoshi/x-cli.git fetches and installs executable code from an external, unverified source onto the local system.
  • [COMMAND_EXECUTION]: The skill is designed to execute various shell commands using the installed x-cli tool. These commands often include arguments derived from user input or external data (e.g., tweet content, search queries), which are passed directly to the shell.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests untrusted data from the X API (such as tweet content, mentions, and search results) and provides the agent with capabilities to perform actions (like posting or deleting tweets) based on that data.
  • Ingestion points: x-cli tweet search, x-cli user timeline, x-cli me mentions, and x-cli me bookmarks (SKILL.md).
  • Boundary markers: None explicitly defined in the provided instructions to isolate external data from instructions.
  • Capability inventory: x-cli tweet post, x-cli tweet reply, x-cli tweet delete, x-cli like, and x-cli retweet (SKILL.md).
  • Sanitization: The instructions recommend user confirmation for write actions, but do not specify technical sanitization or validation of the ingested content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 4, 2026, 05:51 PM