pp-x-twitter
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `x-twitter-pp-cli` and `x-twitter-pp-mcp` binaries. It recommends using `npx` with the `@mvanhorn/printing-press` package and `go install` from `github.com/mvanhorn/printing-press-library`. These resources are provided by the skill's author.
- [COMMAND_EXECUTION]: The skill's functionality is built around executing shell commands, specifically the `x-twitter-pp-cli` binary. It also provides a Python script to extract GraphQL hashes from HAR files and update local configuration.
- [DATA_EXFILTRATION]: The CLI tool includes a `--deliver webhook:<url>` feature that allows the agent to send command results, which may contain user data or API responses, to a specified URL. Additionally, the `feedback` command supports sending local data to an external endpoint via the `X_FEEDBACK_ENDPOINT` environment variable.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks.
  - Ingestion points: The agent retrieves untrusted data from the X platform, such as tweets, direct messages, and chat content (e.g., via `tweets search-posts-recent` or `chat get-conversation`).
  - Boundary markers: There are no instructions for using delimiters or protective prompts to prevent the agent from following instructions hidden within the data retrieved from X.
  - Capability inventory: The CLI can perform file writes (`--deliver file:<path>`) and network POST requests (`--deliver webhook:<url>`), which could be abused if the agent is manipulated by injected content.
  - Sanitization: The skill does not describe any mechanisms for sanitizing or validating the data retrieved from external APIs before processing.
Audit Metadata