x-lists
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation describes an API-only interaction with the vendor's services (xquik.com) and contains no scripts, executables, or local code execution patterns.
- [DATA_EXFILTRATION]: Network requests are restricted to the vendor's official domain for the purpose of list extraction. Secret management for the XQUIK_API_KEY follows standard security practices using environment variables rather than hardcoded credentials.
- [PROMPT_INJECTION]: The skill processes external data from X (Twitter) lists, such as user bios and post text. The author explicitly identifies these as untrusted data sources, acknowledging the surface for indirect prompt injection without providing any instructions that would lead the agent to interpret that data as executable commands.
Audit Metadata