Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill performs network requests to 'api.twitterapi.io', which is not among the trusted external sources. This is considered a low-level risk as it is the primary purpose of the skill, but users should be aware of the external data flow. Evidence found in 'scripts/twitter_api.py'.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection due to the ingestion of untrusted external data.\n
- Ingestion points: Multiple scripts (e.g., 'scripts/get_tweet.py', 'scripts/search_tweets.py', 'scripts/get_article.py') retrieve text content from Twitter/X.\n
- Boundary markers: Absent. The retrieved content is not wrapped in protective delimiters or warnings to ignore embedded instructions.\n
- Capability inventory: The skill possesses network communication capabilities via the 'urllib' library in 'scripts/twitter_api.py'.\n
- Sanitization: No sanitization or safety checks are performed on the retrieved text content before it is processed by the AI agent.
Audit Metadata