twitter-image-downloader
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The script uses curl to download files from pbs.twimg.com. This is the intended purpose but constitutes external network activity.
- COMMAND_EXECUTION (LOW): The script executes shell utilities like curl and sed. While variables are quoted, the lack of sanitization on extracted URLs could affect tool behavior.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill processes untrusted Markdown content to extract URLs. 1. Ingestion points: The scripts/download.sh script. 2. Boundary markers: None present. 3. Capability inventory: File system writes, network downloads, and file modification. 4. Sanitization: None beyond regex matching.
Audit Metadata