xcli
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources and has access to sensitive capabilities.
  1. Ingestion points: The agent retrieves untrusted text via `xcli search posts`, `xcli likes list`, and `xcli bookmarks list`.
  2. Boundary markers: The skill documentation does not define boundary markers or instruct the agent to ignore instructions embedded in the retrieved data.
  3. Capability inventory: The skill has the capability to write sensitive configuration and tokens to the local filesystem using `xcli config set` and perform authentication actions.
  4. Sanitization: There is no evidence of sanitization or filtering of the retrieved tweet content before it is processed by the agent.
Audit Metadata