twitter-thread-creation

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the belt CLI to perform operations such as posting tweets (x/post-create), generating images (infsh/html-to-image), and taking screenshots (infsh/agent-browser). These actions are aligned with the skill's stated purpose of social media content creation.
  • [EXTERNAL_DOWNLOADS]: The skill references a CLI installation script and supplementary skill modules hosted on the inference-sh GitHub organization. These resources are part of the core infrastructure for the tools described in the documentation.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to fetch and integrate additional skill components (npx skills add). This allows for the dynamic inclusion of platform-native features.
  • [PROMPT_INJECTION]: The skill processes external data retrieved from web searches and browser actions to generate social media content. This creates an attack surface for indirect prompt injection where malicious instructions in third-party web content could potentially influence the agent's output.
      ◦ Ingestion points: External data enters the agent's context through tools like tavily/search-assistant and infsh/agent-browser as shown in the examples in SKILL.md.
      ◦ Boundary markers: The prompt templates do not explicitly include delimiters or instructions to ignore commands within the retrieved data.
      ◦ Capability inventory: The skill has access to the Bash tool and can write to external platforms via x/post-create.
      ◦ Sanitization: Content from external sources is used directly to construct social media posts without evidence of sanitization or filtering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 07:21 PM