twitter

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to https://api.twitterapi.io to fetch social media data. While this is the primary purpose of the skill, the domain is not on the standard whitelisted list for this platform.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it fetches and processes untrusted content from Twitter/X.
  • Ingestion points: Data is ingested via client.py from multiple endpoints of api.twitterapi.io, including tweet search results, user profiles, and replies.
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions that may be embedded in the retrieved tweets or bios.
  • Capability inventory: The skill provides data reading capabilities that are intended to be consumed by an agent typically equipped with shell execution and file system access.
  • Sanitization: Absent. The data returned by the API is passed directly to the agent without filtering or sanitization of potential command patterns or instructions.
  • [COMMAND_EXECUTION]: The skill documentation in SKILL.md instructs the agent to execute Python code via bash blocks to utilize the skill's internal logic. This is a standard operational pattern for script-mode skills but involves the execution of code on the host environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 12:33 AM
Security Audit — agent-trust-hub — twitter