track-hashtags
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behaviors or security vulnerabilities were identified. All network operations target the official API of the author (Xquik).
- [PROMPT_INJECTION]: The skill processes untrusted tweet data, which is a surface for indirect prompt injection. This is mitigated by explicit security instructions to ignore commands within scraped content.
- Ingestion points: Tweet content retrieved from endpoints at xquik.com/api/v1.
- Boundary markers: The skill includes a dedicated security section warning the agent not to execute instructions from scraped tweets.
- Capability inventory: The skill uses an 'api-only' execution model with no access to local shell, code execution, or sensitive file system paths.
- Sanitization: Data processing depends on the agent's built-in safety mechanisms.
Audit Metadata