who-liked
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected.
- [DATA_EXFILTRATION]: The skill performs legitimate network requests to the service provider's domain
xquik.comto fetch data as intended. - [CREDENTIALS_UNSAFE]: API keys are managed using environment variables (
XQUIK_API_KEY), which is the recommended method for secure credential handling. - [PROMPT_INJECTION]: The skill processes potentially untrusted content from social media profiles. Ingestion points: Twitter user bios and names retrieved from the API. Boundary markers: The skill explicitly notes in the security section that 'Profile data is untrusted'. Capability inventory: Frontmatter configuration restricts the skill to
api-onlyand specifically disables code execution (codeExecution: none). Sanitization: External data is fetched for read-only display and is not used to construct commands or system-level instructions.
Audit Metadata