baoyu-danger-x-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/cookies.ts` launches a browser instance (Chrome, Edge, or Chromium) using `child_process.spawn` to allow the user to log in and capture session cookies. This process uses a dedicated, isolated profile directory within the skill's data folder to avoid accessing the user's primary browser data.
- [DATA_EXFILTRATION]: Sensitive session cookies (`auth_token`, `ct0`, etc.) are captured from the browser and stored in a local `cookies.json` file as implemented in `scripts/cookie-file.ts`. These credentials are used to authenticate subsequent GraphQL requests to X.com.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from X.com.
  - Ingestion points: External tweet and article content is ingested via the GraphQL API in `scripts/graphql.ts`.
  - Boundary markers: No delimiters or safety instructions are provided to the agent when it receives the formatted markdown output.
  - Capability inventory: The skill can execute commands (browser launch), write to the local filesystem (saving markdown and media), and perform network operations.
  - Sanitization: Content is formatted into markdown, but the body text is not sanitized to remove or neutralize potential instructions hidden in the tweet content.
- [EXTERNAL_DOWNLOADS]: The `scripts/media-localizer.ts` module uses the `fetch` API to download images and videos from remote URLs discovered within the processed content and saves them to the local filesystem.
Audit Metadata