x-algorithm-optimizer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installation instructions require cloning a repository from an untrusted GitHub user account (themattberman). This source is not listed in the verified [TRUST-SCOPE-RULE] list, posing a risk of malicious code delivery.
- [COMMAND_EXECUTION] (MEDIUM): The skill references a local Python script (
scripts/analyze_x_post.py) intended for runtime execution. Running scripts from unverified external sources can lead to arbitrary code execution on the host machine. - [METADATA_POISONING] (LOW): The documentation makes authoritative but unverifiable claims of being "Reverse-engineered from X's actual codebase." This misleading metadata can influence an agent's reasoning or a user's trust level in the skill's safety and accuracy.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill's primary function is to ingest and process user-provided content (post drafts). This creates an ingestion surface for untrusted data. While primarily for scoring, the absence of documented boundary markers or sanitization could allow instructions hidden in post drafts to influence the agent's analysis or subsequent actions.
Audit Metadata