twitter-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves untrusted data from Twitter (via search, bookmarks, and post lookups) and provides the agent with write capabilities like creating or deleting posts.
- Ingestion points: External data enters through search and lookup tools in SKILL.md.
- Boundary markers: The skill lacks instructions to delimit or ignore instructions within the retrieved content.
- Capability inventory: The agent can perform impactful actions including posting and deleting content.
- Sanitization: No validation or sanitization of retrieved tweet content is specified.
- [EXTERNAL_DOWNLOADS]: The skill requires the user to connect to an external MCP server at https://rube.app/mcp, which serves as the provider for the automation tools.
Audit Metadata