x-api-v2
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): This skill consists entirely of Markdown documentation files describing the X API v2. It does not include any scripts (.py, .js, .sh), configuration files for package managers (package.json, requirements.txt), or binary executables.
- [Indirect Prompt Injection] (LOW): The skill documents endpoints that ingest untrusted user-generated content from X, creating a potential surface for indirect injection. (1) Ingestion points: Operations such as
getUsersMentions,searchPostsRecent, andgetUsersTimeline(documented inreferences/operations/). (2) Boundary markers: None identified in the provided reference materials to isolate user content from instructions. (3) Capability inventory: Documents state-modifying capabilities likecreatePosts,deletePosts, andcreateDirectMessagesByConversationId. (4) Sanitization: No sanitization or filtering logic is documented within the reference schemas. - [Credentials] (SAFE): No hardcoded API keys, tokens, or secrets were found in any of the analyzed files. Authentication is documented using standard methods (BearerToken, OAuth2) with no embedded private data.
Audit Metadata