Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from Twitter/X (such as tweet text and user biographies) which could contain malicious instructions designed to influence the agent behavior.\n
- Ingestion points: Found in
client.pywithin theTwitterApiClientclass methods that fetch tweets, replies, and user profiles.\n - Boundary markers: Absent. The skill does not wrap retrieved external content in delimiters or provide instructions to ignore potentially malicious embedded content.\n
- Capability inventory: Analysis of all scripts (including
tools.pyandclient.py) confirms that the skill is limited to making read-only HTTP GET requests via a proxied client; no subprocess calls, file writing, or dynamic code execution capabilities are present.\n - Sanitization: Absent. The data retrieved from the external API is returned to the agent context without additional filtering or sanitization.
Audit Metadata