baoyu-post-to-x
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Command Execution (HIGH): The script 'scripts/paste-from-clipboard.ts' is vulnerable to AppleScript injection. The '--app' command-line argument is directly interpolated into a template string for an AppleScript that is then executed via 'osascript' on macOS. A malicious actor could provide a crafted application name containing 'do shell script' commands to execute arbitrary code on the host system. Evidence: 'scripts/paste-from-clipboard.ts' lines 42-63.
- External Downloads (LOW): The skill documentation in 'references/articles.md' indicates that remote images referenced in Markdown files are automatically downloaded to a local temporary directory. This behavior can be exploited for Server-Side Request Forgery (SSRF) if the Markdown content comes from an untrusted source. Evidence: 'references/articles.md' section 'Image Handling'.
- Indirect Prompt Injection (LOW): The skill ingests untrusted Markdown data (article.md) and uses it to drive browser-based automation via the 'x-article.ts' workflow. The lack of boundary markers or sanitization of this input creates a surface where instructions embedded in the data could influence the agent's actions in the browser context. Evidence: 'references/articles.md' workflow description.
Recommendations
- AI detected serious security threats