laniameda-x-post

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts using the shell, specifically calling ~/.agents/skills/x-tweet-fetcher/scripts/fetch_tweet.py and potentially other script-based tools like skill-creator and laniameda-gallery-ingest during its workflow.
  • [EXTERNAL_DOWNLOADS]: The primary function of the skill is to fetch data from external, untrusted sources including X/Twitter, YouTube, and arbitrary URLs. It uses the Supadata API for video transcripts and scraping, and a local 'camofox' browser service to bypass bot detection on various platforms.
  • [REMOTE_CODE_EXECUTION]: The skill implements a 'Skill Upgrade' protocol where it dynamically generates patches for existing skills or creates entirely new skill folders and SKILL.md files based on content extracted from the web. Although it requires user approval before writing, this pattern allows untrusted external data to influence the agent's future logic and instructions.
  • [INDIRECT_PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection due to its recursive ingestion of web content.
      • Ingestion points: Fetches raw text from tweets, replies, linked articles, and YouTube transcripts (Step 1 and Step 3 of the workflow).
      • Boundary markers: No boundary markers or 'ignore embedded instructions' prompts are specified to prevent the model from obeying instructions found within the fetched content.
      • Capability inventory: The skill can execute local scripts, write to the filesystem (~/work/laniameda/hq/), and modify the core instructions (skills) of the agent platform.
      • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the external content before it is processed or used to generate new skill code.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 17, 2026, 10:29 AM