pp-x-twitter
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
x-twitter-pp-clibinary usingnpx -y @mvanhorn/printing-pressandgo install github.com/mvanhorn/printing-press-library. These resources are managed by the skill's author and serve the primary function of the skill. - [DATA_EXFILTRATION]: Includes a
--deliver webhook:<url>feature that enables the agent to POST command results directly to an external endpoint, which could be used to transmit account data to third-party services. - [CREDENTIALS_UNSAFE]: Provides a procedure for users to manually harvest browser session cookies (
auth_token,ct0,web_bearer) and save them to a local JSON file to enable features like Articles publishing that are not available via OAuth. - [COMMAND_EXECUTION]: The skill drives a local binary and utilizes a
whichcommand that performs natural-language matching to identify subcommands, increasing the complexity of the execution environment. - [PROMPT_INJECTION]: The skill processes markdown files through commands like
thread composeandarticles-publish-md. This represents an indirect prompt injection surface as documented below: - Ingestion points: Markdown files (
draft.md) containing YAML frontmatter and body content are read and parsed by the CLI. - Boundary markers: None identified in the provided instructions for separating untrusted file content from command logic.
- Capability inventory: The skill has the ability to write to files (
--deliver file), send data to URLs (--deliver webhook), and interact with the X API via thex-twitter-pp-clibinary. - Sanitization: No explicit sanitization or validation of the markdown content or frontmatter fields is mentioned before processing.
Audit Metadata