baoyu-post-to-x
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions and environment check script (check-paste-permissions.ts) reference the installation script for the Bun runtime from its official source (https://bun.sh/install).
- [EXTERNAL_DOWNLOADS]: The md-to-html.ts utility fetches remote images from URLs found within user-provided Markdown files to prepare them for article publishing.
- [COMMAND_EXECUTION]: The automation logic involves spawning Google Chrome processes with remote debugging enabled and a persistent user profile directory to maintain logged-in sessions.
- [COMMAND_EXECUTION]: The skill uses system-level commands like osascript (macOS), xdotool (Linux), and powershell.exe (Windows) to perform 'paste' operations, ensuring that media and formatted text are correctly inserted into the browser as real user events.
- [COMMAND_EXECUTION]: For platform-specific clipboard management on macOS, the skill generates and executes temporary Swift code to interface with system APIs.
- [COMMAND_EXECUTION]: The skill includes instructions to use process management tools like pkill to resolve conflicts with existing browser instances during automation setup.
Audit Metadata