xhs-profile
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as prompt injection or code obfuscation, were detected in the skill's instructions.
- [DATA_EXFILTRATION]: While the skill utilizes an
xsec_token, it is requested as a parameter for a specific tool call rather than being hardcoded or exfiltrated to an external domain. - [SAFE]: The skill's primary function is to display user-generated content from a social platform. While this content could theoretically contain indirect prompt injections, the skill does not possess sensitive capabilities (like file system writes or shell access) that would allow for exploitation.
Audit Metadata