canghe-danger-x-to-markdown
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
[COMMAND_EXECUTION] [CREDENTIALS_UNSAFE] [DATA_EXFILTRATION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: Spawns browser processes (Chrome, Edge, or Chromium) to facilitate authentication. It uses the --remote-debugging-port flag to enable programmatic control via the Chrome DevTools Protocol (CDP).
- [CREDENTIALS_UNSAFE]: Contains a hardcoded Twitter bearer token in scripts/constants.ts. While this is a known public token, hardcoding credentials is a security anti-pattern.
- [DATA_EXFILTRATION]: Programmatically extracts sensitive authentication cookies (auth_token, ct0, gt, twid) from the user's browser session. While intended for the skill's functionality, this mechanism handles highly sensitive session data.
- [EXTERNAL_DOWNLOADS]: Uses npx -y bun in its execution commands, which automatically downloads the Bun runtime if it is not present on the system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted tweet content without sanitizing it for downstream LLM processing.
  - Ingestion points: Tweet and article content fetched from X API in scripts/graphql.ts and scripts/thread.ts.
  - Boundary markers: Absent.
  - Capability inventory: File system writing, browser process spawning, and network requests across multiple scripts.
  - Sanitization: Sanitizes file paths in scripts/main.ts but does not filter fetched content for instructions.
Audit Metadata