x-research
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data from X (Twitter).
- Ingestion points: Data enters the context via
/x search,/x profile, and/x threadcommands which retrieve public tweets. - Boundary markers: Absent. There are no instructions provided to the agent to treat retrieved tweet content as data only or to ignore embedded instructions.
- Capability inventory: The skill appears limited to data retrieval and display (read-only), which mitigates the impact of potential injections.
- Sanitization: No sanitization or filtering logic is defined in the skill documentation.
- [DATA_EXFILTRATION] (LOW): The skill requires network communication with a non-whitelisted domain.
- Evidence: The skill documentation references and utilizes the Composio API (
https://composio.dev). While a legitimate integration platform, it is not included in the 'Trusted External Sources' whitelist, categorizing the network activity as a low-severity finding. - [CREDENTIALS_UNSAFE] (SAFE): The skill requires
COMPOSIO_API_KEYandCOMPOSIO_CONNECTION_ID. These are correctly defined as environment variable requirements rather than being hardcoded in the skill text.
Audit Metadata