baoyu-post-to-x
Warn
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of platform-specific CLI tools to simulate user interaction and manage the system clipboard.
- Uses
osascripton macOS to activate applications and send real 'Cmd+V' keystrokes to the browser. - Uses
powershell.exeon Windows to interact withSystem.Windows.Forms.ClipboardandSendKeys. - Uses
xdotool(X11) orydotool(Wayland) on Linux for keystroke simulation. - Uses
pgrepandpkillto manage Chrome processes. - Uses
swiftto execute dynamically generated code for image/HTML clipboard operations on macOS. - [EXTERNAL_DOWNLOADS]: The
scripts/md-to-html.tsscript contains adownloadFilefunction that fetches images from arbitrary HTTPS URLs provided in Markdown content. - Images are saved to a temporary directory (
/tmp/x-article-images) before being processed. - The logic verifies the protocol is HTTPS and follows up to 5 redirects.
- [REMOTE_CODE_EXECUTION]: The skill instructions and scripts rely on
npx -y bunto run the core logic, which involves downloading the Bun runtime if it is not already present on the system. - [COMMAND_EXECUTION]: Potential command injection risk in
scripts/paste-from-clipboard.tswhere the--appargument is directly interpolated into an AppleScript string (tell application "${targetApp}") executed viaosascript. While the agent is intended to provide the app name, this pattern is generally fragile. - [DYNAMIC_EXECUTION]: The skill dynamically generates and executes Swift source code at runtime to handle clipboard operations on macOS in
scripts/copy-to-clipboard.tsandscripts/check-paste-permissions.ts. While the Swift code itself uses safe argument handling, the runtime generation of executable scripts is a significant capability.
Audit Metadata