extension-posting-to-x

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a robust per-user authentication model using OAuth 2.0 PKCE, ensuring that the canister never uses a single shared secret and that tokens remain isolated per user.
  • [SAFE]: The skill explicitly mandates setting is_replicated = ?false for all HTTP outcalls that handle sensitive bearer tokens. This is a vital security requirement on the Internet Computer platform to ensure that sensitive headers are sent by a single node rather than being exposed across the entire subnet.
  • [EXTERNAL_DOWNLOADS]: The skill requires the x-client dependency, which is a Motoko package hosted on the official Mops registry and whose source is maintained by the skill's author.
  • [COMMAND_EXECUTION]: Provides instructions to install the required dependency using the standard package manager command: mops add x-client@0.2.3.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes arbitrary user-supplied text for posting to social media.
    ◦ Ingestion points: The tweet(body : Text) function in src/backend/mixins/x-posting.mo accepts external data.
    ◦ Boundary markers: No specific boundary markers or 'ignore' instructions are implemented for the tweet body text.
    ◦ Capability inventory: The skill possesses network outcall capabilities to the X API via the x-client library.
    ◦ Sanitization: The skill assumes the calling agent or the underlying library handles necessary sanitization for the target platform.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 02:54 PM
Security Audit — agent-trust-hub — extension-posting-to-x