Skills
skills/apidojo-io/social-media-skills/x-scraper/Gen Agent Trust Hub

x-scraper

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use curl and jq to interact with the Apify API for starting tasks, polling status, and fetching results.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from api.apify.com, which is a well-known service for web scraping and automation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted data from X (Twitter). \n
  • Ingestion points: Tweet text and metadata retrieved from the Apify API. \n
  • Boundary markers: Absent. There are no instructions for the agent to treat retrieved tweet content strictly as data rather than potential instructions. \n
  • Capability inventory: CLI execution (curl, jq) and network access. \n
  • Sanitization: None. The skill does not provide mechanisms to sanitize or validate the content of the scraped tweets before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 04:42 AM