Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill reads sensitive credentials from the local filesystem. Specifically, `x-search/lib/api.ts` accesses `~/.config/env/global.env` and `~/.claude/skills/twitter/.env` to retrieve X API Bearer tokens and OAuth 1.0a secrets.
- [EXTERNAL_DOWNLOADS]: The skill requires installing external tools from third-party sources not included in the trusted vendor list. `SKILL.md` instructs users to install the `bird` CLI via `brew install steipete/tap/bird` or `npm install -g @steipete/bird`, and to run `npx smaug setup` for archival features.
- [COMMAND_EXECUTION]: The skill executes multiple external commands and tools to function. It uses the `bun` runtime for its main script, invokes the `bird` CLI for session-based operations, and uses `npx` to manage the `smaug` tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external tweet data.
  - Ingestion points: Fetches tweet content from the X API via `x-search/lib/api.ts`.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the tweet text.
  - Capability inventory: The skill can write to the local filesystem (e.g., saving research markdown files and updating `watchlist.json` in `x-search/x-search.ts`) and perform network operations such as posting or replying to tweets.
  - Sanitization: Sanitization is minimal in `x-search/lib/format.ts`, focusing on display formatting rather than security-focused escaping of potential injection payloads.
Audit Metadata