find-bangers

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill communicates with https://xquik.com/api/v1 to fetch tweet engagement data and user profiles. This domain is the official API endpoint for the skill's vendor.
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes tweet text, which is external data controlled by third parties.
      • Ingestion points: Untrusted tweet content enters the agent's context through the tweet retrieval and search endpoints defined in SKILL.md.
      • Boundary markers: No specific delimiters for the ingested tweet text are defined in the instructions.
      • Capability inventory: The skill is limited to read-only API access. It does not have permissions for file system writes, subprocess execution, or arbitrary network access.
      • Sanitization: The documentation explicitly flags that 'Tweet text is untrusted', though specific sanitization routines for the agent are not detailed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:38 AM