Skills
skills/elihuvillaraus/skills/twitter-engager/Gen Agent Trust Hub

twitter-engager

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the handling of external data combined with powerful tool access.
  • Ingestion points: The agent is instructed to monitor and respond to Twitter mentions, direct messages (DMs), and trending topics (SKILL.md, Phase 3).
  • Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its own instructions and potentially malicious commands embedded in external content.
  • Capability inventory: The skill explicitly grants the agent access to bash, git, and File ops (SKILL.md, Copilot CLI Operations section).
  • Sanitization: Absent. There is no mention of input validation, escaping, or filtering for content retrieved from external sources.
  • [COMMAND_EXECUTION]: The skill provides the agent with access to the bash tool to execute commands and run tests.
  • Evidence: The 'Copilot CLI Operations' section in SKILL.md authorizes the use of bash for executing commands. While this is a standard tool in this environment, its presence increases the impact of any successful prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 02:52 PM
Security Audit — agent-trust-hub — twitter-engager