pp-x-twitter

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the x-twitter-pp-cli binary using npx -y @mvanhorn/printing-press and go install github.com/mvanhorn/printing-press-library. These resources are managed by the skill's author and serve the primary function of the skill.
  • [DATA_EXFILTRATION]: Includes a --deliver webhook:<url> feature that enables the agent to POST command results directly to an external endpoint, which could be used to transmit account data to third-party services.
  • [CREDENTIALS_UNSAFE]: Provides a procedure for users to manually harvest browser session cookies (auth_token, ct0, web_bearer) and save them to a local JSON file to enable features like Articles publishing that are not available via OAuth.
  • [COMMAND_EXECUTION]: The skill drives a local binary and utilizes a which command that performs natural-language matching to identify subcommands, increasing the complexity of the execution environment.
  • [PROMPT_INJECTION]: The skill processes markdown files through commands like thread compose and articles-publish-md. This represents an indirect prompt injection surface as documented below:
  • Ingestion points: Markdown files (draft.md) containing YAML frontmatter and body content are read and parsed by the CLI.
  • Boundary markers: None identified in the provided instructions for separating untrusted file content from command logic.
  • Capability inventory: The skill has the ability to write to files (--deliver file), send data to URLs (--deliver webhook), and interact with the X API via the x-twitter-pp-cli binary.
  • Sanitization: No explicit sanitization or validation of the markdown content or frontmatter fields is mentioned before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 07:53 AM
Security Audit — agent-trust-hub — pp-x-twitter