optimize-tweets

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary functionality is to interface with a remote API hosted at xquik.com. This domain is consistent with the skill's authorship and stated purpose.
  • [DATA_EXFILTRATION]: While the skill transmits user-provided tweet drafts to an external service, this is the core intended functionality. The transmission targets the vendor's own infrastructure (https://xquik.com/api/v1).
  • [PROMPT_INJECTION]: The skill processes untrusted user input (tweet drafts), which is then sent to an external API. This represents an indirect prompt injection surface. The risk is mitigated by the skill's restricted 'api-only' execution model and its lack of sensitive system capabilities such as file system access or shell execution.
      • Ingestion points: User-provided tweet drafts in the 'text' field of /compose requests.
      • Boundary markers: Not explicitly defined in the documentation.
      • Capability inventory: Restricted to POST requests to the vendor's API endpoints; no subprocess or local script execution.
      • Sanitization: Not specified in the markdown instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 06:41 AM