x-api
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto execute network requests against the X API v2 endpoints to retrieve public data. - [EXTERNAL_DOWNLOADS]: The skill communicates with
api.x.com, which is a well-known technology service. Per [TRUST-SCOPE-RULE], these references are documented neutrally and are considered safe. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted data from an external source. • Ingestion points: User-generated content such as tweets, bios, and mentions are retrieved from
api.x.comand brought into the agent context. • Boundary markers: Absent; the skill does not use delimiters to isolate external data from system instructions. • Capability inventory: The skill provides capabilities for making network requests viacurl. • Sanitization: Absent; the skill does not perform explicit sanitization, filtering, or escaping of the content returned by the API.
Audit Metadata