Skills
skills/moltbot/skills/xfetch/Gen Agent Trust Hub

xfetch

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the xfetch-cli Node.js package from the LXGIC-Studios/xfetch GitHub repository.
  • [COMMAND_EXECUTION]: The skill relies on executing the xfetch binary to perform data retrieval and search operations on X/Twitter.
  • [CREDENTIALS_UNSAFE]: The skill requires users to manage and set sensitive session cookies (auth_token and ct0) through CLI commands. Providing these as command-line arguments can result in their exposure in shell history or system process logs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of fetching untrusted content from X/Twitter. \n
  • Ingestion points: Untrusted content is ingested from the external platform via xfetch tweets, xfetch search, and xfetch thread commands. \n
  • Boundary markers: No delimiters or boundary markers are present in the skill instructions to isolate fetched data from agent instructions. \n
  • Capability inventory: The skill possesses the capability to execute system commands through the xfetch utility. \n
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved tweet content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 08:05 AM