baoyu-danger-x-to-markdown
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted content from X.com/Twitter.com which creates a vector for Indirect Prompt Injection. A malicious tweet could include instructions aimed at overriding the agent's behavior.
  * Ingestion points: x.com and twitter.com URLs via SKILL.md.
  * Boundary markers: None identified in the provided instructions.
  * Capability inventory: Shell command execution (cat, test), script execution (npx), and file writing (-o).
  * Sanitization: No sanitization logic described for handling tweet content before Markdown conversion.
- Command Execution (MEDIUM): The skill relies on several shell commands (cat, test) to manage its state and check for EXTEND.md configurations across multiple filesystem paths. If these paths were to be influenced by untrusted input, it could lead to unauthorized file access.
- External Downloads (MEDIUM): The use of 'npx -y bun' triggers an automated download and execution of the Bun runtime if it is not already present in the environment.
Recommendations
- AI detected serious security threats