acpx
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute the 'acpx' CLI tool to interact with coding models like Codex and Claude.
- [COMMAND_EXECUTION]: A Python script is provided as an example to poll session status, which utilizes 'subprocess.run' to execute shell commands including 'acpx' and 'git'.
- [PROMPT_INJECTION]: The skill reads from external files using the '-f' flag and passes the content to a coding agent, creating an indirect prompt injection vector.
- Ingestion points: File content passed via the '-f' flag in 'acpx prompt' commands.
- Boundary markers: None identified in the provided command examples.
- Capability inventory: The 'acpx' tool manages coding agents that can modify code; the skill also demonstrates arbitrary command execution via Python's 'subprocess' module.
- Sanitization: No sanitization or validation of the input file content is specified.
- [COMMAND_EXECUTION]: The use of the '--approve-all' flag in 'acpx' commands bypasses manual confirmation for actions performed by the agent, increasing the potential impact of malicious instructions received via indirect prompt injection.
Audit Metadata