tuzi-danger-x-to-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses system commands to handle environment-specific tasks and browser automation.
scripts/paths.ts utilizes execSync to run cmd.exe /C "echo %USERPROFILE%" for resolving Windows home paths when running inside WSL. scripts/cookies.ts uses spawn to launch a Chrome or Chromium browser instance to facilitate automated cookie extraction through the Chrome DevTools Protocol (CDP).
- [EXTERNAL_DOWNLOADS]: The skill fetches data and assets from official X (Twitter) domains to perform its primary function.
scripts/media-localizer.ts downloads image and video assets from pbs.twimg.com and video.twimg.com to local storage. scripts/graphql.ts fetches API responses and JavaScript bundles from x.com and abs.twimg.com to extract GraphQL query identifiers.
- [PROMPT_INJECTION]: The skill processes external tweet content, establishing an indirect prompt injection surface.
  - Ingestion points: Tweet text and article content are ingested from the X API and formatted into markdown files.
  - Boundary markers: The skill uses YAML front matter and Markdown headers to structure the output, though it does not provide explicit instructions to the agent to ignore instructions embedded in the tweet body.
  - Capability inventory: The skill possesses capabilities for file system writes, network requests to X, and spawning browser processes.
  - Sanitization: It implements slug sanitization for file paths and escapes specific characters in media metadata to prevent structural markdown injection.
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded bearer token for API access.
scripts/constants.ts defines a DEFAULT_BEARER_TOKEN. This is a publicly known guest bearer token used by the X web client and is required for guest-level API interactions.
Audit Metadata