Skills
skills/tuziapi/tuzi-skills/tuzi-skills-bundle/Gen Agent Trust Hub

tuzi-skills-bundle

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically downloads and executes JavaScript modules from a third-party CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) to handle syntax highlighting for different programming languages. This implementation bypasses standard package management and allows for the execution of unverified remote code.
  • [CREDENTIALS_UNSAFE]: A hardcoded Bearer token for the X (Twitter) Web App API is present in skills/tuzi-danger-x-to-markdown/scripts/constants.ts. While this is a generic token used by the service, hardcoding authentication secrets is a risky practice.
  • [DATA_EXFILTRATION]: Multiple components (tuzi-danger-gemini-web, tuzi-danger-x-to-markdown) automate the extraction of active session cookies (e.g., __Secure-1PSID, auth_token) from the user's browser and persist them in local JSON files. While used for the primary purpose of interfacing with these services, the presence of plain-text authentication tokens on disk increases the risk of credential theft if the local environment is compromised.
  • [COMMAND_EXECUTION]: The skill frequently spawns subprocesses to execute system-level commands and external tools, including ffmpeg for video processing, and automation tools like osascript (macOS), xdotool, and ydotool (Linux) to simulate system-wide keystrokes for bypassing browser paste restrictions.
  • [PROMPT_INJECTION]: The toolkit contains several features that ingest arbitrary web content from user-provided URLs or social media statuses. This untrusted data is directly incorporated into prompts for subsequent AI generation tasks (such as creating infographics or comics) without the use of clear delimiters or instructions to ignore embedded commands, making the system vulnerable to indirect prompt injection.
  • [EXTERNAL_DOWNLOADS]: The documentation and pre-flight check scripts recommend installing the Bun runtime using a piped-to-bash command (curl -fsSL https://bun.sh/install | bash). While Bun is a well-known service, executing remote shell scripts is a high-risk operation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 22, 2026, 02:41 PM