twitter-brief

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions specify reading sensitive login information (username and password) from a local file 'references/credentials.md'. This practice stores credentials in plain text on the file system, making them vulnerable to unauthorized access or exposure if the agent's environment is compromised.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it ingests untrusted data from Twitter feeds and bookmarks.
      • Ingestion points: Content is fetched dynamically from 'https://x.com/home' and 'https://x.com/i/bookmarks'.
      • Boundary markers: No delimiters or instructions are provided to the agent to disregard potential commands embedded within the scraped tweets.
      • Capability inventory: The agent can automate a browser (Playwright), generate external content (NotebookLM), and send emails (Gmail), which could be abused if malicious instructions are processed.
      • Sanitization: The skill lacks mechanisms to sanitize or validate the external content before it is interpolated into prompts for summarization or podcast generation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 27, 2026, 07:05 PM