Skills
skills/apidojo-io/apidojo-skills/scraping-tweets-by-keyword/Gen Agent Trust Hub

scraping-tweets-by-keyword

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a customMapFunction parameter which is described as a "JavaScript function to transform each output object." This creates a dynamic execution sink where user or agent-provided code is executed at runtime. Additionally, the skill instructions include the execution of local scripts and system commands.
  • Evidence: node scripts/run_actor.js is called multiple times to run the scraping logic.
  • Evidence: curl is used to interact with the Apify REST API, including passing the APIFY_TOKEN in the URL query string.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it retrieves and processes untrusted third-party content.
  • Ingestion points: Raw tweet text and metadata are fetched from Twitter using the apidojo/tweet-scraper actor and presented to the agent (SKILL.md).
  • Boundary markers: The skill uses Markdown tables for output formatting but lacks explicit instructions or delimiters to warn the agent against executing commands embedded within the retrieved tweets.
  • Capability inventory: The execution environment allows for shell command execution (node, curl) and network requests to external domains (api.apify.com).
  • Sanitization: No sanitization or filtering logic is provided to handle potentially malicious instructions within the scraped tweet data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 13, 2026, 09:34 PM