Skills
skills/infsh-skills/skills/twitter-automation/Gen Agent Trust Hub

twitter-automation

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the belt CLI tool to perform various Twitter operations via shell commands (e.g., belt app run x/post-tweet).
  • [EXTERNAL_DOWNLOADS]: References installation instructions and configuration files from the vendor's official GitHub repository (github.com/inference-sh).
  • [DATA_EXFILTRATION]: Transmits user-provided content (text, media URLs) to external platforms (Twitter/X) via the inference.sh API as part of its primary automation function.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface where the agent processes external content to be posted.
  • Ingestion points: The text and media_url fields in the belt app run command inputs (SKILL.md).
  • Boundary markers: No delimiters or instructions are provided to the agent to ignore instructions embedded within the text it is tasked to post.
  • Capability inventory: Includes the ability to write to external networks (Twitter) and execute local CLI commands (belt).
  • Sanitization: No explicit sanitization or validation of the input text is mentioned within the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 11:06 AM
Security Audit — agent-trust-hub — twitter-automation