x-bookmarks
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No evidence of malicious code, obfuscation, or unauthorized data access was found. The skill operates within its stated scope.
- [DATA_EXPOSURE]: The skill reads private bookmark data from X (Twitter) using the vendor's infrastructure at xquik.com. This alignment between author and domain is consistent with legitimate vendor functionality.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface through the ingestion of external tweet data.
- Ingestion points: Untrusted content is retrieved from X via the
/x/bookmarksendpoint inSKILL.md. - Boundary markers: The documentation explicitly instructs the agent to treat retrieved text as data, which acts as a conceptual boundary.
- Capability inventory: The skill is restricted to read and export operations; it does not possess filesystem or shell execution capabilities.
- Sanitization: No explicit sanitization or filtering of the retrieved content is mentioned.
Audit Metadata