tweet-replies
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts exclusively with 'https://xquik.com/api/v1', which is the vendor's official API domain.
- [SAFE]: The prompt injection signal is a false positive; the text 'ignore previous instructions' is used in a defensive context to instruct the agent to treat tweet text as data rather than commands.
- [SAFE]: While the skill ingests untrusted third-party content (tweet replies), it identifies this as a potential indirect prompt injection surface and includes explicit boundary instructions and defensive guidance to mitigate the risk.
- [SAFE]: The skill is configured as 'api-only' and 'read-only', with no local code execution, file system access, or persistence mechanisms detected.