skills/openclaw/skills/twitter/Gen Agent Trust Hub

twitter

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted data from Twitter (mentions, searches, timeline) and possesses high-privilege capabilities including posting tweets and managing followers. This creates a significant surface for Indirect Prompt Injection attacks.
      1. Ingestion points: Twitter API mentions and search results (SKILL.md).
      2. Boundary markers: Absent in provided instructions.
      3. Capability inventory: 'Post tweets', 'Manage followers', and 'Schedule posts' (SKILL.md).
      4. Sanitization: No sanitization or filtering logic is documented or provided.
  • No Code (INFO): The skill submission only includes documentation (SKILL.md) and metadata (_meta.json). No functional implementation code (scripts or binaries) was provided for analysis, meaning the actual execution logic remains unverified.
  • Data Exposure (LOW): The skill requires sensitive environment variables for API authentication. While expected for a Twitter integration, the safety of their handling cannot be confirmed without the implementation code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 02:11 PM