Skills
skills/postplusai/postplus-skills/x-tools/Gen Agent Trust Hub

x-tools

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow for ingesting and processing untrusted data from X/Twitter, which constitutes a surface for indirect prompt injection.\n
  • Ingestion points: External data enters the system through normalize_x_dataset.mjs and is used by analytical scripts like cluster_x_bios_and_posts.mjs.\n
  • Boundary markers: Data artifacts are managed using structured JSON or wrapped in specific markdown markers (<!-- postplus:block ... -->) in the renderMarkdownBackup function.\n
  • Capability inventory: The skill can execute local commands (yt-dlp, ffmpeg), perform network requests via a shared runtime, and manage local project files.\n
  • Sanitization: The skill applies multiple sanitization layers including cleanString, safeLower, escapeHtml, and escapeSvgText before rendering or processing external content.\n- [COMMAND_EXECUTION]: Local scripts execute subprocesses for media processing. Specifically, download_videos_from_manifest_with_ytdlp.mjs spawns yt-dlp to download video content, and PostPlusWorkspaceRuntime.mjs uses ffmpeg for video generation. These operations use argument arrays to prevent command injection and are essential to the skill's primary research functions.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading media files from X/Twitter URLs using the yt-dlp utility. This behavior is expected for a research tool focused on social media content collection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 07:44 AM
Security Audit — agent-trust-hub — x-tools