x-twitter-scraper
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install its components from the author's GitHub repository (
Xquik-dev/x-twitter-scraper). This is a legitimate installation method for the service. - [PROMPT_INJECTION]: The skill handles untrusted data from X (Twitter), which is a known vector for indirect prompt injection attacks.
- Ingestion points: Data retrieved from X (Twitter) search, profiles, and engagement lookups (SKILL.md).
- Boundary markers: The documentation does not specify the use of delimiters to separate retrieved data from agent instructions.
- Capability inventory: The skill enables interactions with the Xquik API but does not request sensitive system permissions or arbitrary code execution.
- Sanitization: No sanitization of the scraped social media content is described.
Audit Metadata