x-pro-management
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The documentation explicitly instructs users to open browser DevTools and paste code from 'src/xPro.js' into the console while authenticated on 'x.com' or 'pro.x.com'. This 'Self-XSS' pattern is a high-risk security vulnerability that can lead to account takeover, session hijacking, or data exfiltration.- [NO_CODE]: The core functional files 'src/xPro.js' and 'src/xProManager.js' are referenced as the primary execution components but are missing from the skill package. This makes the actual logic unverifiable and poses a supply chain risk.- [NO_CODE]: There is a mismatch between the provided author context ('nirholas') and the metadata field ('nichxbt') in the SKILL.md file. Such discrepancies in metadata can be indicative of impersonation or a lack of source integrity.
Recommendations
- AI detected serious security threats
Audit Metadata