baoyu-danger-x-to-markdown
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill manages sensitive X session data, including 'auth_token' and 'ct0' tokens, stored in a local 'cookies.json' file and provided via environment variables. It also includes a hardcoded public bearer token for API access.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run 'cat' and 'test' commands to verify user consent and check for configuration files in the user's home or project directory.
- [EXTERNAL_DOWNLOADS] (LOW): The use of 'npx -y bun' downloads the Bun runtime from the npm registry at execution time.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it fetches and renders untrusted content from X without robust sanitization.
- Ingestion points: Tweet and article content fetched in 'scripts/thread.ts' and 'scripts/tweet-article.ts'.
- Boundary markers: None; the content is interpolated directly into markdown.
- Capability inventory: Ability to run subprocesses via 'npx' and perform file-write operations.
- Sanitization: Only basic character escaping for markdown alt-text is implemented.
Audit Metadata