x-operations
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists of markdown instructions and does not ship with any executable code or scripts.
- [SAFE]: The skill utilizes a vendor-provided X plugin with a defined permission model (actionsAllowFrom) for write operations, ensuring managed access to sensitive functionality.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from X (Twitter), creating a surface for indirect prompt injection. This surface is identified as follows:
- Ingestion points: Data enters through search, timeline, and user info actions.
- Boundary markers: No explicit instruction delimiters are present to distinguish retrieved content from agent instructions.
- Capability inventory: The skill allows write actions such as posting, replying, and sending direct messages.
- Sanitization: No content sanitization is described.
Audit Metadata