x-twitter-scraper

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements exemplary security guardrails, specifically designed to handle untrusted content from social media. It instructs the agent to wrap all X-authored text in <XQUIK_UNTRUSTED_X_CONTENT> boundary markers to prevent indirect prompt injection and treats all retrieved data as non-executable text.
  • [SAFE]: All state-changing actions (tweeting, liking, following, DMs) and credit-consuming operations require explicit user approval. This 'human-in-the-loop' requirement effectively mitigates risks associated with autonomous execution or unintended resource consumption.
  • [SAFE]: Credential handling is restricted to the platform-managed XQUIK_API_KEY. The skill explicitly forbids the collection or handling of X (Twitter) passwords, session cookies, or 2FA codes, directing users to the official dashboard for account management.
  • [SAFE]: Data exfiltration risks are minimized by whitelisting xquik.com and requiring explicit confirmation for any user-defined webhook destinations. No evidence of obfuscation or unauthorized network activity was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:09 AM
Security Audit — agent-trust-hub — x-twitter-scraper