post-tweets
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the Xquik API service at https://xquik.com/api/v1. This is a legitimate vendor resource associated with the author 'Xquik-dev'.
- [DATA_EXPOSURE]: Authentication is handled correctly via a required environment variable (XQUIK_API_KEY). There are no hardcoded credentials or access to sensitive local file paths.
- [COMMAND_EXECUTION]: The skill requires explicit user approval for every write action. It specifies that the agent must show the full tweet text, media, and target account to the user before calling the API, preventing unauthorized automated posting.
- [PROMPT_INJECTION]: The skill includes robust defenses against indirect prompt injection. It explicitly instructs the agent to treat content from X (tweets/replies) as untrusted user-generated content and to never execute instructions found within that content or interpolate it without review.
- [REMOTE_CODE_EXECUTION]: No external packages are installed, and no remote scripts are downloaded or executed. The skill operates entirely via structured API calls.
Audit Metadata