x-api-v2
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill documents an interface for ingesting untrusted data from the X platform, which presents a potential surface for indirect prompt injection attacks.\n
- Ingestion points: Operations like
getDirectMessagesEvents.mdandgetPostsById.mdallow the agent to read content authored by external, untrusted users.\n - Boundary markers: The documentation does not specify the use of delimiters, structured data enforcement, or "ignore embedded instructions" warnings when handling retrieved social media content.\n
- Capability inventory: The skill provides access to high-impact write capabilities that could be abused if an injection is successful, including
createPosts.md(tweeting),followUser.md, anddeletePosts.md.\n - Sanitization: No sanitization, escaping, or validation logic for the external content is described within the documentation files, leaving the responsibility for safety entirely to the agent's implementation.
Audit Metadata