x-twitter-scraper

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from X (Twitter), such as tweets, bios, and engagement data. There are no instructions for boundary markers or data sanitization provided in the documentation to prevent malicious instructions embedded in scraped content from overriding agent behavior. Mandatory Evidence Chain:
  • Ingestion points: Scraped tweets, user bios, and engagement metrics (SKILL.md)
  • Boundary markers: Absent
  • Capability inventory: Tweet search, user lookup, extraction of followers/replies, media download (SKILL.md)
  • Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: The documentation directs users to external resources, including a GitHub repository (github.com/Xquik-dev/x-twitter-scraper) and a third-party platform (xquik.com). These sources are required for full setup and are outside the immediate scope of the skill's provided files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:43 AM
Security Audit — agent-trust-hub — x-twitter-scraper