Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses curl and jq to interact with the Twitter API. These tools are used appropriately for network requests and JSON processing within the scope of the skill's purpose.
- [EXTERNAL_DOWNLOADS]: Data is retrieved from api.twitter.com. As this is a well-known and official service domain, the communication is documented neutrally as a safe operation.
- [PROMPT_INJECTION]: The skill ingests untrusted data from an external source (Twitter), creating a potential surface for indirect prompt injection. 1. Ingestion points: Tweet text and user descriptions are fetched from api.twitter.com via curl in SKILL.md. 2. Boundary markers: No explicit delimiters or boundary markers are used to wrap the untrusted content. 3. Capability inventory: The skill uses curl and jq for processing, which operate with the privileges of the agent environment. 4. Sanitization: While jq parses the JSON structure and extracts specific fields, the raw string content is not sanitized for potential instructions or prompt injection attacks before being returned.
Audit Metadata