Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to
https://api.twitterapi.ioto fetch social media data. While this is the primary purpose of the skill, the domain is not on the standard whitelisted list for this platform. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it fetches and processes untrusted content from Twitter/X.
- Ingestion points: Data is ingested via
client.pyfrom multiple endpoints ofapi.twitterapi.io, including tweet search results, user profiles, and replies. - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions that may be embedded in the retrieved tweets or bios.
- Capability inventory: The skill provides data reading capabilities that are intended to be consumed by an agent typically equipped with shell execution and file system access.
- Sanitization: Absent. The data returned by the API is passed directly to the agent without filtering or sanitization of potential command patterns or instructions.
- [COMMAND_EXECUTION]: The skill documentation in
SKILL.mdinstructs the agent to execute Python code via bash blocks to utilize the skill's internal logic. This is a standard operational pattern for script-mode skills but involves the execution of code on the host environment.
Audit Metadata