baoyu-danger-x-to-markdown

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [CREDENTIALS_UNSAFE]: The file scripts/constants.ts includes a hardcoded public bearer token (DEFAULT_BEARER_TOKEN) used for X guest authentication.
  • [COMMAND_EXECUTION]: The skill automates a Chrome browser through scripts/cookies.ts to manage authentication. It uses child_process.spawn to launch the browser and utilizes the Chrome DevTools Protocol (CDP) to extract login cookies.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with x.com and abs.twimg.com to fetch tweet content, article data, and dynamically resolve API identifiers needed for conversion.
  • [DATA_EXFILTRATION]: The skill accesses local application data directories (e.g., ~/Library/Application Support/baoyu-skills/ or ~/.local/share/baoyu-skills/) to store and retrieve authentication cookies and user consent records.
  • [PROMPT_INJECTION]: The skill processes untrusted text from X (tweets and articles), creating an indirect prompt injection surface. An agent consuming the resulting Markdown could be influenced by instructions hidden in the converted text.
      • Ingestion Point: scripts/graphql.ts (API responses from X).
      • Boundary Markers: Employs Markdown formatting and YAML frontmatter.
      • Capability: Writes converted content to the local file system.
      • Sanitization: No specific filtering is applied to the tweet or article text to detect or remove malicious instructions.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 09:05 AM