post
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill files.
- [CREDENTIALS_UNSAFE]: The skill correctly avoids hardcoding secrets. It utilizes a dedicated secret slot
x-oauthdefined inagent-secrets.yamlto handle bearer token authentication securely. - [DATA_EXFILTRATION]: Network operations are restricted to the official X API (
api.x.com) and a local gateway (SHIFT_LOCAL_GATEWAY). These are legitimate targets for the skill's stated purpose of posting and managing tweets. - [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied text for social media posts, it functions as a controlled output tool. No automated processing of untrusted external data (such as reading and executing instructions from incoming tweets) is implemented, minimizing the risk of indirect injection.
Audit Metadata