x-twitter-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted, user-generated content from X (Twitter), which creates a surface for indirect prompt injection.
- Ingestion points: The skill describes multiple endpoints in SKILL.md (e.g., /x/tweets/search, /x/tweets/{id}, /x/users/{username}) that fetch text content from tweets, replies, and user bios.
- Boundary markers: The provided integration examples do not include delimiters or instructions to treat the fetched content as untrusted data.
- Capability inventory: While the skill itself consists of documentation, it is intended for use with high-capability agents (Claude Code, Cursor, etc.) that can execute code and modify files based on processed data.
- Sanitization: There is no mention of sanitization, filtering, or validation of the fetched external content before it is processed by the agent.
Audit Metadata