grow-followers

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill communicates with an external API at https://xquik.com/api/v1 to resolve user handles and fetch performance metrics. This involves transmitting user identifiers to an external service, which is the intended functionality of the vendor's platform.
  • [PROMPT_INJECTION]: The skill processes untrusted tweet text and engagement data, which could contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: Data enters the context from external accounts via the /x/users/{id}/tweets endpoint in SKILL.md.
      • Boundary markers: The skill documentation explicitly warns the agent not to treat any string as an instruction, though it does not define specific technical delimiters.
      • Capability inventory: The skill is limited to read-only API access and does not have capabilities for file system modification, command execution, or autonomous posting.
      • Sanitization: Metadata indicates prompt injection defense is active, though the specific sanitization methods for external tweet content are not detailed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 09:38 AM