X / Twitter Search
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is classified as suspicious due to a prompt injection vulnerability in `scripts/search.js`. The user's search query (`options.query`) is directly embedded into the `payload.input` sent to the xAI Grok model without sufficient sanitization. While the script's `extractContent` function attempts to filter the model's response, a malicious query could potentially manipulate the Grok model's behavior or lead to unintended information disclosure from the model's context. However, there is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or installation of backdoors; network calls are confined to `api.x.ai` and `api.x.com` as declared in `SKILL.md`.
