baoyu-post-to-x

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple system-level commands across different platforms. On macOS, it uses osascript for app activation and keystroke simulation. On Windows, it leverages PowerShell's SendKeys and Clipboard classes. On Linux, it utilizes xdotool or ydotool for keyboard automation. It also includes instructions to use pkill and pgrep for managing browser processes.\n- [COMMAND_EXECUTION]: The copy-to-clipboard.ts and check-paste-permissions.ts scripts dynamically generate Swift source code from hardcoded templates on macOS. This code is written to temporary files and executed using the local swift interpreter to handle rich-text and image clipboard operations.\n- [EXTERNAL_DOWNLOADS]: The md-to-html.ts script is designed to download remote images via HTTPS during the Markdown-to-HTML conversion process for X Articles. This allows the inclusion of remote assets in long-form posts.\n- [PROMPT_INJECTION]: The skill processes user-provided Markdown files through the md-to-html.ts script, creating an indirect prompt injection surface. Ingestion occurs via Markdown file reading; capability inventory includes system command execution and browser control; sanitization is performed via the marked library; however, explicit boundary markers for content separation are absent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 05:49 AM
Security Audit — agent-trust-hub — baoyu-post-to-x