extension-posting-to-x
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a robust per-user authentication model using OAuth 2.0 PKCE, ensuring that the canister never uses a single shared secret and that tokens remain isolated per user.
- [SAFE]: The skill explicitly mandates setting `is_replicated = ?false` for all HTTP outcalls that handle sensitive bearer tokens. This is a vital security requirement on the Internet Computer platform to ensure that sensitive headers are sent by a single node rather than being exposed across the entire subnet.
- [EXTERNAL_DOWNLOADS]: The skill requires the `x-client` dependency, which is a Motoko package hosted on the official Mops registry and whose source is maintained by the skill's author.
- [COMMAND_EXECUTION]: Provides instructions to install the required dependency using the standard package manager command: `mops add x-client@0.2.3`.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes arbitrary user-supplied text for posting to social media.
  - Ingestion points: The `tweet(body : Text)` function in `src/backend/mixins/x-posting.mo` accepts external data.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are implemented for the tweet body text.
  - Capability inventory: The skill possesses network outcall capabilities to the X API via the `x-client` library.
  - Sanitization: The skill assumes the calling agent or the underlying library handles necessary sanitization for the target platform.
Audit Metadata