Skills
skills/toolshell/skills/twitter-automation/Gen Agent Trust Hub

twitter-automation

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation references the use of npx skills add to install the inference-sh/skills package, which is a standard method for extending agent capabilities within this ecosystem.
  • [COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool via Bash commands to interact with the Twitter/X API. This includes executing sub-commands like app run x/post-tweet and app run x/dm-send to perform its intended functions.
  • [DATA_EXFILTRATION]: The skill performs legitimate network operations to the inference.sh and Twitter/X APIs to transmit user-defined content, such as tweet text and direct messages, as part of its primary automation purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface as it processes external text inputs (e.g., tweet content) which are then used in automated actions (posting to social media). While this creates a potential for the agent to be influenced by data it retrieves and subsequently posts, no specific malicious injection patterns were found in the static configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 12:03 PM