twitter-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: Communicates with the well-known Apify REST API (api.apify.com) to perform scraping tasks.
- [SAFE]: Manages API authentication securely using the APIFY_API_TOKEN environment variable, avoiding hardcoded credentials.
- [SAFE]: Uses the standard requests library for network operations without unauthorized command execution or privilege escalation.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: Untrusted tweet content is retrieved from the Apify dataset in scripts/search_twitter.py.
  - Boundary markers: Missing markers or instructions to isolate the scraped content from the agent's logic.
  - Capability inventory: The skill includes network access to Apify and outputs scraped data to the agent's context.
  - Sanitization: Does not sanitize or filter the content of tweets before presenting them to the agent.
Audit Metadata