twitter-thread-creation
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
beltCLI to perform operations such as posting tweets (x/post-create), generating images (infsh/html-to-image), and taking screenshots (infsh/agent-browser). These actions are aligned with the skill's stated purpose of social media content creation. - [EXTERNAL_DOWNLOADS]: The skill references a CLI installation script and supplementary skill modules hosted on the
inference-shGitHub organization. These resources are part of the core infrastructure for the tools described in the documentation. - [REMOTE_CODE_EXECUTION]: The skill uses
npxto fetch and integrate additional skill components (npx skills add). This allows for the dynamic inclusion of platform-native features. - [PROMPT_INJECTION]: The skill processes external data retrieved from web searches and browser actions to generate social media content. This creates an attack surface for indirect prompt injection where malicious instructions in third-party web content could potentially influence the agent's output.
- Ingestion points: External data enters the agent's context through tools like
tavily/search-assistantandinfsh/agent-browseras shown in the examples inSKILL.md. - Boundary markers: The prompt templates do not explicitly include delimiters or instructions to ignore commands within the retrieved data.
- Capability inventory: The skill has access to the
Bashtool and can write to external platforms viax/post-create. - Sanitization: Content from external sources is used directly to construct social media posts without evidence of sanitization or filtering.
Audit Metadata