xai-agent-tools

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill demonstrates functions that interpolate untrusted user input directly into prompts which then drive tool selection and code execution. This could allow an attacker to bypass intended logic by embedding instructions in the input variables.
  • Ingestion points: research_agent(query), analysis_agent(data, analysis_type), financial_agent(ticker), and multi_step_agent(objective) in SKILL.md.
  • Boundary markers: Absent. Input is placed directly inside f-strings without delimiters (e.g., 'Objective: {objective}').
  • Capability inventory: The agent has access to x_search (Twitter/X), web_search, and code_execution (Python sandbox) via the Grok API.
  • Sanitization: No input validation or escaping is present in the provided examples.
  • Command Execution (SAFE): The skill provides configuration for server-side code execution. While this is a high-privilege capability, it is the primary intended purpose of the skill and is managed by the remote xAI infrastructure rather than executed on the local host.
  • External Downloads (LOW): The skill requires the openai Python library. This is a trusted dependency from a well-known provider, resulting in a downgrade of the finding severity per the [TRUST-SCOPE-RULE].
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:18 PM