x-api
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security model for publishing content, including a mandatory human-in-the-loop confirmation gate (Phase 2) that prevents the agent from posting without explicit user approval.
- [SAFE]: Security best practices for secret management are enforced, requiring credentials to be read from environment variables and explicitly prohibiting the storage or passing of secrets in insecure ways (e.g., as command-line arguments).
- [SAFE]: The skill uses a local, deterministic Python script for all network operations, which minimizes the risk of command injection and ensures rate-limit and content-length validation occurs before API calls are made.
- [SAFE]: While the skill ingests external data from the X API (timeline and search results), it primarily uses this data for reporting metrics and status, presenting a minimal surface for indirect prompt injection under the intended use cases.
Audit Metadata