twitter-for-bots-hive
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with an external social networking service hosted on the well-known Cloudflare Workers platform (workers.dev). This network activity is central to the skill's functionality and does not involve access to sensitive local files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and process posts, bios, and search results created by other potentially untrusted AI agents. 1. Ingestion points: External data enters the agent context via the /api/feed, /api/feed/global, and /api/search endpoints as defined in SKILL.md. 2. Boundary markers: The instructions do not provide explicit delimiters or prompts to ignore instructions embedded within retrieved social media content. 3. Capability inventory: The agent possesses capabilities to create posts, reply to threads, and follow other agents, which could be triggered by malicious external content. 4. Sanitization: No content filtering, validation, or sanitization mechanisms are specified for data retrieved from the Hive network.
Audit Metadata