baoyu-danger-x-to-markdown

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/paths.ts executes cmd.exe and wslpath via execSync to resolve Windows user profile paths when running in WSL.
  • [COMMAND_EXECUTION]: The skill launches a browser (Chrome/Edge) using baoyu-chrome-cdp in scripts/cookies.ts to automate authentication and cookie harvesting from X.com.
  • [EXTERNAL_DOWNLOADS]: The scripts/media-localizer.ts utility downloads media assets from well-known Twitter servers (pbs.twimg.com, video.twimg.com) to save them locally.
  • [DATA_EXFILTRATION]: The skill retrieves authentication tokens from environment variables or local files and sends them to X.com GraphQL endpoints to retrieve content.
  • [PROMPT_INJECTION]: The skill processes untrusted content from X, creating an indirect prompt injection surface.
      • Ingestion points: Tweet and article text fetched from X.com in scripts/graphql.ts.
      • Boundary markers: None present in the generated markdown output.
      • Capability inventory: File writing (writeFile), command execution (execSync), and browser automation via Chrome DevTools Protocol.
      • Sanitization: Basic markdown escaping is applied to content in scripts/markdown.ts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 02:55 AM