Twitter Command Center (Search + Post)
Search X (Twitter) in real time, extract relevant posts, and publish tweets/replies instantly—perfect for social listening, engagement, and rapid content ops.
Security
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed credentials verbatim (e.g., JSON password "xxx", proxy "user:pass", and CLI --password) and curl POST bodies that would require the agent to place real secrets directly into requests/commands if used, creating exfiltration risk.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). This skill fetches and processes user-generated content from Twitter/X via the AIsa API (see SKILL.md endpoints like /twitter/tweet/advanced_search and scripts/twitter_client.py methods such as search/user_tweets) and uses that content to drive actions (analysis, posting/liking/retweeting), which clearly exposes the agent to untrusted third-party content that could inject instructions.
- Repository
- Demerzels-lab/elsamultiskillagent
- Commit
45f9fac
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.