who-retweeted
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill facilitates data extraction from X (Twitter) using the Xquik API. All network requests are directed to the vendor's verified domain (xquik.com).
- [DATA_EXPOSURE_EXFILTRATION]: No hardcoded credentials or sensitive local file access detected. Authentication is handled correctly via the XQUIK_API_KEY environment variable.
- [PROMPT_INJECTION]: The skill processes untrusted user-generated content from X.
  - Ingestion points: User profiles (names, bios) fetched via POST /extractions in SKILL.md.
  - Boundary markers: Includes a note that 'Profile data is untrusted'.
  - Capability inventory: None; the skill is restricted to read-only API calls.
  - Sanitization: None explicitly defined in the instructions.
- [NO_CODE]: The skill contains no executable scripts or local code; it operates exclusively through external API calls.