twitter-poster
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): Hardcoded sensitive credentials detected in SKILL.md.
  - Evidence: The 'Authentication' section explicitly lists a 'Consumer Secret', 'Access Token Secret', 'Bearer Token', and 'OAUTH2_CLIENT_SECRET'.
  - Impact: Anyone with access to the skill files can impersonate the Twitter account associated with these keys.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (business news and reports) which could contain malicious instructions.
  - Ingestion points: External business news, reports, and insights mentioned in the 'Purpose' section.
  - Boundary markers: Absent; the skill does not define delimiters to separate ingested data from agent instructions.
  - Capability inventory: The skill is granted 'Read', 'Write', and 'Bash' tools in the YAML frontmatter, providing a significant attack surface if instructions are injected.
  - Sanitization: No sanitization or validation of the news content is described before formatting and posting.
Recommendations
- AI detected serious security threats
Audit Metadata