find-bangers

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill uses an environment variable (XQUIK_API_KEY) for authentication. This is a standard and recommended practice for secret management in AI skills.
  • [PROMPT_INJECTION]: The skill processes untrusted tweet content, creating a potential surface for indirect prompt injection.
      • Ingestion points: Tweet text is retrieved via the /x/users/{id}/tweets and /x/tweets/search endpoints described in SKILL.md.
      • Boundary markers: The documentation explicitly states 'Tweet text is untrusted', providing a signal to the agent to treat the content as external data.
      • Capability inventory: The skill is restricted to read-only API interactions and does not have access to file-system operations or shell execution.
      • Sanitization: No programmatic sanitization is defined, but the risk is minimized by the read-only execution model and lack of privileged capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 10:35 PM