x-articles
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection as it processes untrusted markdown content that is subsequently used in browser automation tasks.
  - Ingestion points: The scripts `scripts/format-for-x.sh` and `scripts/publish-article.sh` ingest user-provided content files without sanitization.
  - Boundary markers: No delimiters or instructions are present to prevent the agent from obeying command sequences embedded in the article text.
  - Capability inventory: The skill utilizes `agent-browser` which permits arbitrary navigation, button interaction, file uploads, and JavaScript execution (`evaluate`).
  - Sanitization: The formatting script only removes markdown syntax and does not filter or escape natural language instructions that could trigger agent actions.
- COMMAND_EXECUTION (MEDIUM): The skill invokes external CLI tools (`agent-browser` and `pbcopy`) to perform complex browser interactions.
  - Evidence: `scripts/publish-article.sh` passes user-controlled file paths to these tools and uses dynamic JavaScript execution via the `evaluate` flag to interact with the DOM.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on an unverified third-party tool `agent-browser`.
  - Evidence: `skill.json` lists `agent-browser` as a required dependency. While common for automation agents, the source repository is not in the trusted list and requires external installation.
Recommendations
- AI detected serious security threats
Audit Metadata