baoyu-post-to-x
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
spawnandspawnSyncto execute various system-level utilities and scripts, includingosascript(macOS),powershell(Windows),swift,xdotool, andydotool(Linux). These are used to manage the system clipboard and simulate real keystrokes for pasting content into the browser, which is a core function to avoid automation detection. - [EXTERNAL_DOWNLOADS]: The
md-to-html.tsscript includes functionality to download images from HTTPS URLs specified within Markdown content. This is used to process remote images for long-form 'X Articles'. - [PROMPT_INJECTION]: The
SKILL.mdfile contains instructions for the agent to automatically resolve environment issues, such as killing existing Chrome CDP instances and retrying commands if a debug port is not ready. These instructions are functional and specific to the browser automation workflow. - [DYNAMIC_EXECUTION]: Several scripts (e.g.,
check-paste-permissions.tsandcopy-to-clipboard.ts) dynamically generate and execute small Swift or PowerShell scripts to interact with platform-specific system APIs (likeAppKitfor clipboard management). This behavior is intended for the primary purpose of cross-platform automation.
Audit Metadata