post-to-x
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes local TypeScript scripts (e.g.,
x-browser.ts,x-article.ts) using thebunruntime. These scripts perform high-risk operations, including direct browser control via CDP and system clipboard manipulation, which are not restricted by standard agent sandboxes. - [REMOTE_CODE_EXECUTION] (HIGH): The skill relies on scripts located in a
./scripts/directory that are not provided for analysis. Executing these unverified scripts vianpx -y bunconstitutes arbitrary code execution on the host machine. - [CREDENTIALS_UNSAFE] (MEDIUM): The skill encourages the use of persistent Chrome profiles to store X.com login sessions (cookies). While this is the intended functionality for persistent access, these profile directories are sensitive and their management by unverified scripts poses a risk of credential theft.
- [EXTERNAL_DOWNLOADS] (LOW): The
md-to-html.tsutility automatically downloads remote images from URLs found in Markdown files to a local temporary directory without explicit user validation of the source. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted Markdown files and remote images which could be used to influence the agent's posting behavior.
- Ingestion points: Local Markdown files, image file paths, and remote image URLs.
- Boundary markers: Absent. Content is parsed and converted directly into HTML for browser injection.
- Capability inventory: Full browser automation (CDP), file system read/write (temp images), and arbitrary script execution via
bun. - Sanitization: No evidence of sanitizing Markdown content or HTML before it is pasted into the browser session.
Recommendations
- AI detected serious security threats
Audit Metadata