search-x
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to api.x.ai and api.x.com to retrieve search results. These are official endpoints for the supported services.
- [CREDENTIALS_UNSAFE]: Authentication tokens are correctly retrieved from the environment (XAI_API_KEY, X_BEARER_TOKEN). No hardcoded credentials were detected in any files.
- [DATA_EXFILTRATION]: No unauthorized data access or exfiltration was observed. The skill only transmits user-provided queries to official search APIs.
- [SAFE]: Indirect prompt injection assessment: (1) Ingestion point: Remote tweet data is retrieved in scripts/search.js. (2) Boundary markers: Absent, though output is structured for display. (3) Capability inventory: The skill does not have access to sensitive capabilities like file writing or command execution. (4) Sanitization: Data is output directly. Risk is minimal.
Audit Metadata