release-tweets

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the macOS pbcopy command to allow drafted content to be copied to the system clipboard upon user request.
  • [COMMAND_EXECUTION]: The instructions reference specific local CLI tools, bird and xurl, which are intended for posting content to social media platforms within the author's local environment.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from local CHANGELOG.md files and external GitHub release notes, presenting a surface for indirect prompt injection.
      1. Ingestion points: Local CHANGELOG.md files and GitHub release notes.
      2. Boundary markers: The instructions do not define specific delimiters or guards to separate the ingested changelog content from the agent's internal logic.
      3. Capability inventory: The agent has access to system clipboard operations via pbcopy and social media posting capabilities via the bird and xurl tools.
      4. Sanitization: No explicit sanitization or validation of the ingested text is performed before it is used to generate the final tweet drafts.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 06:38 AM