Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices for data retrieval and uses environment variables for secret management.
- [EXTERNAL_DOWNLOADS]: Fetches data from
api.twitterapi.io. This is the primary and intended function of the skill to provide Twitter/X data to the agent. - [DATA_EXFILTRATION]: Uses the
TWITTER_API_KEYenvironment variable for authentication via theX-API-Keyheader. There is no evidence of harvesting sensitive local files or credentials. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the internet (Tweets). However, the instructions in
SKILL.mdstrictly prohibit the agent from using this data to trigger shell commands (bash) or file operations (write_file), minimizing the impact of potential injection attacks.
Audit Metadata