tweet-thread-from-blog

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from external websites and uses it to generate content for social media posts.
      • Ingestion points: Untrusted data enters the agent context in SKILL.md under 'Step 2: Fetch and Extract Content', where the agent is instructed to fetch and read all body text from a user-provided URL or pasted text.
      • Boundary markers: The instructions lack explicit boundary markers or delimiters (e.g., XML tags or triple backticks) to separate the fetched content from the agent's instructions, and there are no specific directives to ignore instructions embedded within the source material.
      • Capability inventory: The skill can post content to an external platform (Twitter/X) using Composio tools (TWITTER_CREATION_OF_A_POST), as described in SKILL.md (Step 7).
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill uses tools like WebFetch or Chrome DevTools MCP to retrieve content from arbitrary third-party URLs provided by the user. This is intended functionality, but it serves as the entry point for untrusted data.
  • [COMMAND_EXECUTION]: The skill invokes external tools via the Composio platform to create posts on Twitter/X. While these are authenticated tool calls, they can be manipulated if the agent's instructions are compromised via indirect prompt injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 05:59 PM