x-twitter-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from X (Twitter), which creates a surface for indirect prompt injection attacks where the AI agent might follow instructions embedded in tweets or user bios.
- Ingestion points: Data enters the agent's context through various endpoints described in
SKILL.md, includingsearch_tweets,reply_extractor, anduser_lookup. - Boundary markers: The documentation does not specify or recommend the use of delimiters or explicit instructions to ignore commands within the scraped content.
- Capability inventory: The skill is designed for use with highly capable AI coding agents such as Claude Code, Cursor, and Windsurf, which often have access to terminal and filesystem operations.
- Sanitization: There is no evidence or mention of sanitization or filtering of the retrieved social media data before it is presented to the agent.
- [NO_CODE]: The skill consists entirely of markdown documentation and configuration examples for the Xquik service; it does not include any local scripts, binary files, or executable code.
Audit Metadata