felo-x-search
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No prompt injection or instructions to bypass safety guidelines were found in the skill's markdown files.
- [SAFE]: The skill handles authentication securely using the
FELO_API_KEYenvironment variable. - [SAFE]: All network operations are directed to the vendor's official API domain (
openapi.felo.ai). - [SAFE]: No obfuscation, persistence, or privilege escalation patterns were detected in the source code or instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill fetches content from external sources (X/Twitter) which could contain malicious instructions.
- Ingestion points: The
scripts/run_x_search.mjsscript retrieves tweets, user bios, and replies from the X platform via API. - Boundary markers: Absent. The retrieved data is output as standard Markdown without explicit delimiters warning the agent that the content is untrusted.
- Capability inventory: The skill includes network access to the Felo API and outputs formatted text to the console; it does not perform file writes or arbitrary command execution based on the data.
- Sanitization: Absent. Tweet content and user descriptions are displayed without filtering for potential prompt injection strings.
Audit Metadata