twscrape
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS CREDENTIALS_UNSAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation encourages installing the twscrape library from its official repository on GitHub (https://github.com/vladkens/twscrape.git), which is a third-party source not identified as a trusted vendor.
- [CREDENTIALS_UNSAFE]: The skill requires the input of sensitive information, such as Twitter/X account passwords and email credentials, which are necessary for the library's account rotation and session management features.
- [COMMAND_EXECUTION]: Instructions include several shell commands for installing dependencies and managing user accounts via the command-line interface, which can lead to sensitive data being exposed in terminal history.
- [PROMPT_INJECTION]: The skill facilitates the processing of arbitrary data from Twitter/X, creating a surface for indirect prompt injection attacks where the agent may interpret social media content as instructions.
  - Ingestion points: Untrusted data is fetched through various scraping methods such as api.search and api.user_tweets as shown in SKILL.md and references/examples.md.
  - Boundary markers: There are no delimiters or specific instructions provided in the prompts to ensure the agent ignores instructions embedded within the scraped content.
  - Capability inventory: The skill demonstrates capabilities for file system writes (e.g., json.dump in references/examples.md) and network access required for scraping.
  - Sanitization: No evidence of content filtering, escaping, or validation of the fetched Twitter data is described in the provided examples.
Audit Metadata