desearch-x-search
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from X (Twitter), creating a surface for indirect prompt injection via untrusted posts. * Ingestion point: scripts/desearch.py retrieves tweet text and metadata. * Capability inventory: The skill executes network requests and data processing. * Sanitization: No specific filtering or escaping is applied to the retrieved content. * Boundary markers: Data is returned without explicit delimiters or instructions to treat it as untrusted.
- [SAFE]: The skill uses the DESEARCH_API_KEY environment variable to authenticate requests to the vendor's official domain, api.desearch.ai, which is expected behavior for its primary function.
Audit Metadata