search-x
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted data from an external source (Twitter/X) and incorporates it into the agent's context without sanitization or delimiters.
- Ingestion points: Tweet content is retrieved via the xAI Responses API in scripts/search.js.
- Boundary markers: The script does not utilize delimiters or specific instructions to the agent to treat the retrieved content as untrusted data.
- Capability inventory: The skill has the ability to perform network requests to xAI and read local configuration files for API keys.
- Sanitization: There is no evidence of content filtering or escaping of the retrieved tweets before they are presented to the agent.
- [SAFE]: All network operations are directed at a well-known service domain (api.x.ai).
- [SAFE]: The skill handles API credentials using standard practices, such as environment variables and localized configuration files.
Audit Metadata