Skills
skills/rightnow-ai/openfang/twitter-hand-skill/Gen Agent Trust Hub

twitter-hand-skill

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on shell_exec to perform all Twitter API interactions via curl and to execute Python one-liners for environment detection.
  • [EXTERNAL_DOWNLOADS]: The agent is configured to use web_search and web_fetch to retrieve trending information and news from external, untrusted web sources.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it incorporates data from web searches directly into the content generation pipeline.
  • Ingestion points: web_search and web_fetch (Phase 2 of the agent prompt).
  • Boundary markers: None specified for the ingested web content.
  • Capability inventory: shell_exec (curl), file_write, schedule_create.
  • Sanitization: No explicit escaping or filtering logic is provided for external data beyond general safety guidelines and a human-in-the-loop approval_mode toggle.
  • [CREDENTIALS_UNSAFE]: The skill manages a sensitive TWITTER_BEARER_TOKEN by injecting it into shell commands as an environment variable. While the token is not hardcoded, this pattern presents a risk of exposure if the shell command construction is compromised by malicious input.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 03:51 PM