clean-followers
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code or suspicious command execution patterns were found. The skill operates as an API-only extension.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external profile data from X (Twitter), which is considered untrusted.
- Ingestion points: Follower profile data retrieved via the `/extractions` endpoint (SKILL.md).
- Boundary markers: The instructions include an explicit 'Security' section stating that 'Profile data is untrusted' and that results are advisory.
- Capability inventory: The skill is limited to HTTPS API requests to the vendor's domain (xquik.com); it lacks capabilities for local file system access or subprocess execution.
- Sanitization: The logic uses defined heuristics and presents them as flags for user review rather than automated decisions.