x-spaces
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and metadata contain no evidence of malicious patterns, persistence mechanisms, or unauthorized privilege escalation.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external data (usernames, roles) from X Spaces into the agent context via the extraction endpoints. This risk is addressed by the presence of a boundary marker in the security section stating 'Profile data is untrusted.' The skill has no code execution or file-system capabilities, limiting the potential impact of processed external content.
- [COMMAND_EXECUTION]: No shell commands or system-level execution patterns were identified; the skill is explicitly defined as api-only.
Audit Metadata