Skills
skills/tuziapi/tuzi-skills/baoyu-danger-x-to-markdown/Gen Agent Trust Hub

baoyu-danger-x-to-markdown

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file scripts/constants.ts contains a hardcoded bearer token (DEFAULT_BEARER_TOKEN). While this specific token is commonly used as a public key for the X web client, hardcoding credentials in source code is a poor security practice.
  • [COMMAND_EXECUTION]: In scripts/cookies.ts, the skill uses the spawn function to launch a Chrome browser instance. This is part of a mechanism to extract authentication cookies using the Chrome DevTools Protocol (CDP).
  • [COMMAND_EXECUTION]: The file scripts/paths.ts utilizes execSync to run system commands (cmd.exe and wslpath) to detect and resolve user directories when operating within a Windows Subsystem for Linux (WSL) environment.
  • [EXTERNAL_DOWNLOADS]: The script scripts/media-localizer.ts fetches media files from X (Twitter) servers (twimg.com) to the local filesystem when the user enables media downloading. This is documented as a core feature of the skill.
  • [DATA_EXFILTRATION]: The skill manages sensitive authentication data, including auth_token and ct0 cookies, in scripts/cookies.ts and scripts/cookie-file.ts. These are stored locally in cookies.json. While they are used to authenticate requests to X, the handling of active session data poses a risk if the local environment is not secure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external tweets and articles.
  • Ingestion points: Data is ingested via API responses in scripts/graphql.ts and scripts/tweet-to-markdown.ts.
  • Boundary markers: There are no explicit boundary markers or instructions in the markdown output to prevent the agent from interpreting instructions embedded within the tweet content.
  • Capability inventory: The skill has capabilities to write files to the disk (scripts/main.ts) and perform network downloads (scripts/media-localizer.ts).
  • Sanitization: The skill performs basic sanitization for filenames (sanitizeSlug) but does not sanitize the body text of tweets or articles to prevent the injection of malicious markdown or commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 5, 2026, 01:05 PM