x-article-publisher

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The script acts as a conduit for untrusted external data into the system clipboard without applying sanitization or isolation.
      • Ingestion points: Data is loaded from files (args.path, args.file), command-line strings (args.content), and standard input (sys.stdin).
      • Boundary markers: There are no delimiters or 'ignore' instructions used to wrap the untrusted content, which is a common defense-in-depth practice for agent skills.
      • Capability inventory: The script performs file-read operations and system-level clipboard writes. It does not possess network or direct code execution capabilities.
      • Sanitization: The HTML content is encoded and placed directly on the clipboard without filtering for malicious tags or scripts.
  • External Dependencies (LOW): The tool requires several external libraries for platform-specific functionality, including Pillow, pyobjc-framework-Cocoa, pywin32, and clip-util.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 01:35 PM