twitter-cultivate
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill references a sensitive file containing Twitter session cookies located at ~/crawlee-social-scraper/twitter_cookies.json. These credentials provide full access to the user's Twitter account and are accessed by the automation scripts.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several local scripts including twitter_cultivate.py, start_monitor.sh, and twitter_monitor.py. Since the source code for these scripts is not provided within the skill payload, their behavior cannot be verified, posing a risk of arbitrary command execution.
- [EXTERNAL_DOWNLOADS]: The instructions require the installation of the third-party Python package twikit to interact with Twitter/X.
- [PROMPT_INJECTION]: The skill's monitoring workflow (twitter_monitor.py) represents an indirect prompt injection surface. It ingests untrusted data from external Twitter accounts (e.g., targets like "levelsio") to generate automated replies. The absence of explicit boundary markers or sanitization logic in the described workflow could allow an attacker to influence the agent's behavior via malicious tweet content.
Audit Metadata