write-tweets
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: No security issues were identified. The skill communicates exclusively with the author's verified domain (xquik.com) and uses standard environment variables for authentication.
- [PROMPT_INJECTION]: The skill processes user-supplied prompts. While this represents a surface for indirect prompt injection, it is managed through explicit human-in-the-loop review. Ingestion point: user-supplied prompt in the /compose endpoint. Boundary markers: none specified in the JSON payload structure. Capability inventory: potential downstream impact via the referenced post-tweets skill. Sanitization: requires mandatory user review and confirmation before publication.
- [NO_CODE]: This skill consists of documentation and API definitions only, with no executable scripts or local code files.
Audit Metadata