x-article-publisher
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
parse_markdown.pyandcopy_to_clipboard.py) to process user-provided Markdown files and interact with the system clipboard. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of standard third-party Python libraries (
Pillow,pyobjc-framework-Cocoa) from official registries to handle image processing and macOS clipboard integration. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses content from untrusted external Markdown files. Maliciously crafted Markdown could attempt to influence the agent's behavior during the browser automation phase. However, the skill explicitly instructs the agent to never auto-publish and only save drafts, which serves as a significant manual guardrail.
- Ingestion points: Markdown file content parsed by
parse_markdown.py. - Boundary markers: None explicitly defined in the prompt instructions for the agent when handling parsed data.
- Capability inventory: Subprocess execution (Python scripts), file system access (reading Markdown/images, writing to
/tmp), and browser automation (navigating and interacting with x.com). - Sanitization: The Python script performs basic regex-based parsing and HTML conversion, but does not implement comprehensive security sanitization of the input Markdown.
Audit Metadata