track-competitors
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill makes network calls to the author's official domain (xquik.com) to retrieve social media data. This is standard functionality for the skill's stated purpose and originates from the vendor's own infrastructure.
- [PROMPT_INJECTION]: The skill handles data from external sources (Twitter bios and tweets) which represents an indirect prompt injection surface.
- Ingestion points: External data is ingested from X (Twitter) through the API endpoints defined in SKILL.md.
- Boundary markers: The skill includes a 'Security' section specifically instructing the agent to treat bios and tweet text as untrusted data and to render it as data only.
- Capability inventory: The skill's capabilities are restricted to API-based data retrieval and benchmarking; it lacks access to sensitive local files, credentials proxying, or system execution tools.
- Sanitization: The skill utilizes instructional guardrails to ensure the agent processes external strings as data rather than instructions.
Audit Metadata