baoyu-post-to-x

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple local scripts using the bun runtime or npx -y bun. It also utilizes platform-specific commands for system integration:
      • macOS: Uses osascript (AppleScript) for sending real paste keystrokes and activating applications, and swift for clipboard operations involving images and rich HTML.
      • Linux: Uses xclip, wl-copy, xdotool, or ydotool for clipboard and keystroke automation.
      • Windows: Uses powershell.exe with SendKeys for paste operations and .NET assemblies for clipboard management.
  • [EXTERNAL_DOWNLOADS]: The scripts/md-to-html.ts file includes a downloadFile function that fetches remote images specified in Markdown content via HTTPS. It implements safety checks including protocol restriction to HTTPS and a maximum redirect limit.
  • [REMOTE_CODE_EXECUTION]: While the skill executes local scripts and controls a browser via CDP (Chrome DevTools Protocol), the logic is focused on UI automation of the X.com platform. All browser actions are performed within a real Chrome profile, and the skill explicitly requires user confirmation before final submission/publication.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 25, 2026, 05:38 AM