twitter-cultivate
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires users to manually export and store Twitter session cookies (auth_token and ct0) in a local file named twitter_cookies.json. These credentials provide full administrative access to the user's account.
- [EXTERNAL_DOWNLOADS]: Instructions specify installing the rnet Python package using pip install. This package does not originate from a trusted organization or well-known service provider, and the use of a pre-release version increases risk.
- [PROMPT_INJECTION]: The skill ingests untrusted data from Twitter search results and user tweets, creating a surface for indirect prompt injection.
  * Ingestion points: client.get_user_tweets and client.search_tweets (SKILL.md)
  * Boundary markers: Absent; no delimiters or safety warnings are used for external tweet content
  * Capability inventory: Python execution environment with network access (SKILL.md)
  * Sanitization: Absent; no validation or escaping of external tweet content is performed before analysis.
Audit Metadata