xapi
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on `npx @xapi-to/xapi` to execute its functions. This mechanism downloads and runs the latest version of the xapi package from the npm registry at runtime.
- [COMMAND_EXECUTION]: The skill facilitates the execution of multiple CLI commands via `npx` to perform data retrieval, account registration, and configuration tasks.
- [CREDENTIALS_UNSAFE]: The skill manages an API key for the xapi service.
  - The key is stored locally in a configuration file at `~/.xapi/config.json`.
  - The documentation notes that the `topup` command generates a payment URL that includes the API key as a query parameter, which could lead to accidental exposure if the URL is logged or shared.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from untrusted third-party sources.
  - Ingestion points: Data is ingested through commands like `twitter.user_tweets`, `twitter.tweet_detail`, `web.search`, and `news.search.latest` (SKILL.md).
  - Boundary markers: The instructions do not define specific boundary markers or delimiters to separate external content from agent instructions.
  - Capability inventory: The skill has the capability to execute shell commands via `npx` and perform network operations to interact with various APIs (SKILL.md).
  - Sanitization: There are no explicit instructions for the agent to sanitize or validate the content retrieved from external sources before processing it.
Audit Metadata