peep
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill requires access to sensitive browser profile directories (e.g.,
~/Library/Application Support/Google/Chrome/,~/.mozilla/firefox/) to extract session cookies for authentication. Access to these paths exposes sensitive user credentials and session data.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands, including thepeepCLI, file system operations (mkdir,cat), and data processing pipelines involvingcurl,jq, andxargsfor media management.\n- [EXTERNAL_DOWNLOADS]: The skill requires cloning its source code from its GitHub repository (github.com/devskale/peep.git) and includes instructions for usingcurlto download media content from external URLs provided by the Twitter API.\n- [PROMPT_INJECTION]: The skill fetches content from external sources (tweets, search results, and news) which creates a surface for indirect prompt injection. Malicious data from these sources could influence the agent's behavior.\n - Ingestion points: Data enters the context via commands like
peep read,peep search,peep home, andpeep news.\n - Boundary markers: Absent; there are no instructions to the agent to isolate or ignore embedded commands in the fetched data.\n
- Capability inventory: The skill provides write-access capabilities including
peep tweet,peep reply,peep follow, andpeep unfollow.\n - Sanitization: Absent; the skill does not perform validation or filtering on fetched text before it is presented to the agent.
Audit Metadata