x-research
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or behaviors were detected. The skill serves a legitimate research purpose and operates within expected parameters for an information retrieval tool.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted external content retrieved from X/Twitter posts.\n
- Ingestion points: External data enters the agent's context through the
x_searchtool as described in the Research Loop section of SKILL.md.\n - Boundary markers: The instructions specify quoting tweet content (e.g., @username: "[key quote]") but do not implement strict delimiters or explicit instructions for the agent to ignore commands that may be embedded within the retrieved tweets.\n
- Capability inventory: The skill is limited to read-only research operations using the
x_searchtool (commands: search, profile, thread); it does not contain or request capabilities for file system access, arbitrary command execution, or network exfiltration.\n - Sanitization: There are no explicit sanitization or filtering steps defined to clean or validate the content of the retrieved tweets before they are processed by the agent.
Audit Metadata