x2c-socialposter
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by using an environment variable (
X2C_API_KEY) for authentication rather than hardcoding secrets. - [SAFE]: Network operations are directed to the service's official API backend hosted on Supabase (
supabase.co), which is a well-known cloud platform. - [SAFE]: File access is limited to reading media files explicitly provided by the user for upload, which is the primary intended function of the skill.
- [SAFE]: The Python script implements robust client-side validation to ensure content meets platform-specific constraints before transmission, reducing the risk of API errors.
- [SAFE]: No obfuscation, prompt injection, or persistence mechanisms were detected in the instructions or the source code.
Audit Metadata