read-x
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from external social media posts, which is a classic surface for indirect prompt injection.
  - Ingestion points: Data enters the agent via the `api.fxtwitter.com` endpoint, specifically the `tweet.text` and `tweet.article.content` fields.
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to help the agent distinguish between the skill's instructions and the fetched content.
  - Capability inventory: The skill utilizes `web_fetch` and instructs the agent on how to parse and render complex JSON structures into Markdown.
  - Sanitization: Absent. There is no mention of filtering or sanitizing the retrieved text before it is processed by the agent's context.
- [External Downloads] (LOW): The skill directs the agent to interact with `api.fxtwitter.com`. While this is the core function of the skill, users should be aware that their queries (tweet IDs) are being sent to this third-party service.
Audit Metadata