baoyu-post-to-weibo

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of child_process.spawn and spawnSync to execute platform-specific system utilities such as osascript (macOS), powershell.exe (Windows), xdotool and ydotool (Linux) for desktop automation and clipboard interaction.
  • [REMOTE_CODE_EXECUTION]: Implements dynamic code generation and execution by writing temporary Swift source files on macOS and assembling PowerShell or AppleScript strings at runtime to interface with native system APIs for rich-media clipboard management.
  • [EXTERNAL_DOWNLOADS]: Scripts utilize npx -y bun for execution, which may trigger the dynamic download and installation of the Bun runtime from the npm registry if not already present on the host system. It also depends on the third-party packages baoyu-chrome-cdp and baoyu-md from the author's ecosystem.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external data.
    • Ingestion points: Processes user-provided Markdown files in scripts/md-to-html.ts and text content in scripts/weibo-post.ts.
    • Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands within the source data.
    • Capability inventory: Includes browser automation via Chrome DevTools Protocol (CDP), local file system access, and native command execution.
    • Sanitization: No significant sanitization is performed on input Markdown content beyond standard parsing, allowing potential malicious instructions to enter the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 25, 2026, 05:39 AM