twitter-crawler
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.
- Ingestion points: Untrusted content is retrieved from the Twitter API and processed in
scripts/fetch_tweets.pyandscripts/fetch_single_tweet.py. - Boundary markers: The skill uses Markdown blockquotes (
>) to delimit tweet content in its output, but does not provide explicit instructions to the agent to ignore any commands contained within the fetched text. - Capability inventory: The skill is granted access to powerful tools including
Bash,Read,Write, andEdit. - Sanitization: There is no evidence of sanitization or filtering of the tweet text to remove potentially malicious instructions before it is presented to the agent.
- [DATA_EXFILTRATION]: Access to sensitive credential files on the system.
- The scripts are configured to read a Twitter
auth_tokenfrom a hardcoded path:~/Documents/trend-crawler-master/trend-crawler/config.yaml. - While this is documented for the skill's primary functionality, accessing sensitive configuration files from a separate project directory represents a data exposure risk.
- [EXTERNAL_DOWNLOADS]: Reliance on third-party libraries and local environment configuration.
- The skill depends on the
tweety(ortweety-ns) andpyyamlPython packages. scripts/fetch_tweets.pycontains logic to resolve dependencies from a specific virtual environment path on the user's filesystem, which may lead to runtime errors or unexpected behavior if the environment is not correctly configured.
Audit Metadata