Skills
skills/bklit/bklit-ui/add-x-tweet/Gen Agent Trust Hub

add-x-tweet

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script located at .agents/skills/add-x-tweet/scripts/fetch-tweet.mjs to retrieve and format tweet metadata.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to api.fxtwitter.com and publish.twitter.com to fetch tweet details. These are well-known third-party services used for retrieving social media metadata.
  • [DATA_EXFILTRATION]: While the skill communicates with external domains not on the standard whitelist, the operations are limited to fetching data based on user-provided URLs. No sensitive local credentials or system files are accessed or transmitted.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (tweet content) from external sources and instructs the agent to interpolate this content into a project file (apps/web/lib/testimonials.ts).
  • Ingestion points: Data is fetched via api.fxtwitter.com from arbitrary tweet URLs provided by the user.
  • Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent when writing the fetched content into the TypeScript file.
  • Capability inventory: The agent has file-write access to the repository and can execute local scripts via Node.js.
  • Sanitization: No content sanitization or escaping is performed on the content field beyond basic whitespace trimming and prefix removal, which could allow malicious tweet content to disrupt the TypeScript file structure or influence subsequent agent actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:03 PM
Security Audit — agent-trust-hub — add-x-tweet