tuzi-post-to-x
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official Bun installation script in its documentation and environment checks to help users set up the required runtime.
- [EXTERNAL_DOWNLOADS]: The article processing script (md-to-html.ts) downloads remote images specified in Markdown files using standard HTTP requests to local temporary storage.
- [COMMAND_EXECUTION]: The skill uses platform-specific utilities (osascript, powershell, xdotool) to perform UI actions like pasting and application activation which are necessary for browser automation.
- [REMOTE_CODE_EXECUTION]: On macOS, the skill dynamically generates and executes temporary Swift code to manage clipboard image data, as standard shell commands do not natively support rich-media clipboard operations.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes Markdown content that is later rendered and pasted into a browser. 1. Ingestion points: Markdown files processed in scripts/md-to-html.ts and scripts/x-article.ts. 2. Boundary markers: Content is parsed using standard Markdown delimiters without additional security-specific isolation markers. 3. Capability inventory: The skill can control a browser session (via CDP), download external files, and execute system commands for UI interaction. 4. Sanitization: Markdown is parsed using the established marked library, and user-provided image URLs are processed through an MD5 hashing routine for local file naming.
Audit Metadata