twitter-to-obsidian
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection as it ingests untrusted data from the web and possesses file-write capabilities.
- Ingestion points: Uses `mcp__chrome-devtools__take_snapshot` to pull content from arbitrary Twitter/X URLs.
- Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potential commands embedded within the extracted content.
- Capability inventory: Possesses a 'Write tool' capable of modifying the local file system.
- Sanitization: Absent. Content is processed and written to disk without any stated validation or escaping.
- [DATA_EXFILTRATION] (MEDIUM): The skill hardcodes an absolute local file path: `/Users/douba/Library/Mobile Documents/com~apple~CloudDocs/douba-OB/`. This constitutes information disclosure by revealing a specific local username ('douba') and the user's directory structure to any agent or entity using the skill.
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to perform file system operations ('Write tool') based on processed external input. Without proper sandboxing or input validation, this allows for the creation of arbitrary files in sensitive local directories.
Recommendations
- AI detected serious security threats
Audit Metadata