x-tweet-by-conversation

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate data collection from X (Twitter) using the user's active browser session and standard network capture tools provided by the environment.
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts included in the package (scripts/build-conversation-url.py and scripts/parse-tweets.py) to construct URLs and parse JSON data. These scripts use only standard Python libraries and do not perform any network operations themselves.
  • [PROMPT_INJECTION]: The skill processes data from an external source (X.com) which constitutes an indirect prompt injection surface. However, the skill only extracts structured data (text, IDs, metrics) and does not execute or interpret the content, which is standard for data collection skills.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 11:21 AM
Security Audit — agent-trust-hub — x-tweet-by-conversation