baoyu-post-to-x
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes system-level commands to perform browser and OS automation tasks.
- Evidence:
scripts/paste-from-clipboard.tsexecutesosascript(macOS),powershell.exe(Windows), andxdotool/ydotool(Linux). - Evidence:
scripts/x-browser.tsand others spawn browser processes with--remote-debugging-portand other automation flags. - Evidence:
scripts/x-utils.tsusesspawnSyncto run local scripts vianpx -y bun. - DATA_EXPOSURE (LOW): The skill creates and uses a persistent Chrome user data directory at
~/.local/share/x-browser-profileto maintain login sessions. This directory contains sensitive session cookies and local storage data. - DYNAMIC_EXECUTION (MEDIUM): Uses the Chrome DevTools Protocol (CDP)
Runtime.evaluatecommand to inject and execute JavaScript within the context of the X website for DOM manipulation. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted user data (text and Markdown articles) and injects it into a web browser session.
- Ingestion points: User-provided text content and Markdown files in
x-browser.tsandx-article.ts(referenced). - Boundary markers: Absent; no delimiters are used to separate user content from the automation scripts.
- Capability inventory: Process spawning (shell commands), browser automation (CDP), and system clipboard manipulation.
- Sanitization: Minimal; uses basic stringification before injecting content into the browser's JavaScript environment.
Audit Metadata