Skills
skills/dieterwang7/huateamassistant-baoyu-skills/baoyu-danger-x-to-markdown/Gen Agent Trust Hub

baoyu-danger-x-to-markdown

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): A hardcoded Bearer token is present in scripts/constants.ts. Additionally, the skill reads and writes sensitive session cookies (containing auth_token and ct0) to system application data paths (~/Library/Application Support or ~/.local/share), which are considered sensitive credential files.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted data from X.com, creating an attack surface for indirect prompt injection. 1. Ingestion points: tweet-to-markdown.ts. 2. Boundary markers: Absent. 3. Capability inventory: Network fetch (http.ts) and filesystem write (cookie-file.ts). 4. Sanitization: Absent.
  • [Privilege Escalation] (LOW): Instructions in SKILL.md direct the agent to execute shell commands like cat and mkdir for consent and configuration management, which involves low-level command execution capabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:43 PM