twitter-cli-skill
Fail
Audited by Snyk on May 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill contains multiple intentional abuse-enabling features—automatic browser cookie extraction (including instructions to modify keychain access), full cookie forwarding, and anti-detection techniques (TLS fingerprinting, request jitter, proxy/residential-proxy guidance)—which collectively facilitate credential theft, covert account control and evasion of platform detection, representing a high risk for malicious use even if the stated purpose is convenience.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes fetching and scraping Twitter/X content (feeds, search results, bookmarks, tweet details, articles, user posts) from x.com using browser cookie extraction and provides --json/--yaml structured output "for AI agent pipelines" (e.g., "twitter feed", "twitter search", "twitter bookmarks" examples and the "AI Agent Usage" section), so the agent will ingest untrusted, user-generated social media content that can influence subsequent actions.
Issues (2)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).