x-twitter-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external social media content.
  - Ingestion points: The skill ingests untrusted data from X (Twitter) through multiple tools, including search-tweets, lookup-tweet, and various extraction tools (e.g., reply_extractor, post_extractor) defined in SKILL.md.
  - Boundary markers: There are no explicit instructions or delimiters provided in the skill configuration to help the agent distinguish between its instructions and the content of the tweets it retrieves.
  - Capability inventory: The skill provides 22 MCP tools that allow the agent to perform extensive data lookups, start/stop account monitoring, and manage webhooks via the https://xquik.com API.
  - Sanitization: The documentation does not specify any sanitization, filtering, or escaping of the retrieved tweet content before it is passed to the AI agent's context.