baoyu-post-to-x
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands and scripts (e.g., Chrome, osascript, powershell, xdotool, bun/npx) to automate browser interaction and UI tasks across macOS, Windows, and Linux. These are necessary for its core functionality.\n- [EXTERNAL_DOWNLOADS]: The
md-to-html.tsscript downloads images from remote HTTPS URLs specified in user-provided Markdown content to include them in X Articles. The script enforces HTTPS and limits redirects for security.\n- [REMOTE_CODE_EXECUTION]: The skill uses the Chrome DevTools Protocol (CDP) to interact with and execute JavaScript within the browser instance to navigate X.com, fill forms, and trigger publishing actions. This is the standard mechanism for the skill's automation purpose.
Audit Metadata