baoyu-post-to-x

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The file scripts/paste-from-clipboard.ts is vulnerable to AppleScript injection on macOS. The --app parameter is used to build an AppleScript command string without sanitization. An attacker could craft a malicious application name containing quotes and newlines to execute arbitrary AppleScript, which in turn can execute shell commands via the do shell script command or by interacting with other applications like Terminal.
    • Evidence: Functions activateApp and pasteMac in scripts/paste-from-clipboard.ts interpolate the appName variable directly into the script string: tell application "${appName}" without escaping.
  • COMMAND_EXECUTION (MEDIUM): The skill makes extensive use of OS-level automation tools (osascript on macOS, powershell on Windows, xdotool on Linux) to perform actions like sending keystrokes. These tools are used to bypass browser automation detection but grant the skill the ability to interact with the host operating system outside the browser environment.
  • EXTERNAL_DOWNLOADS (LOW): The documentation and utility scripts frequently use npx -y bun, which causes the bun runtime to be downloaded from the npm registry if it is not already available on the system. This introduces a runtime dependency on an external source.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill stores sensitive browser data, including X.com session cookies, in a persistent user data directory (~/.local/share/x-browser-profile). While required for persisting logins and bypassing 2FA on every run, this directory represents a target for local data theft, as it contains full access credentials for the user's X account.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill documentation refers to several missing scripts (md-to-html.ts, copy-to-clipboard.ts) that handle content conversion and image downloading. The lack of visibility into these components, especially the logic for 'automatically downloading remote images' mentioned in references/articles.md, represents an unverified risk surface where additional vulnerabilities might exist.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:26 PM