acpx
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the acpx CLI utility globally from the NPM registry, which is the core tool provided by the author for this skill's functionality.
- [COMMAND_EXECUTION]: The acpx tool is designed to execute AI agent adapters via shell commands, such as npx @zed-industries/codex-acp, and allows for raw command execution through specific flags.
- [EXTERNAL_DOWNLOADS]: It references and downloads several third-party agent adapters from the NPM registry, including official packages from trusted organizations like Zed Industries.
- [PROMPT_INJECTION]: The skill utilizes session prompt templates that interpolate task-specific strings into agent prompts, which represents a surface for indirect prompt injection if the inputs are derived from untrusted external sources.
- [SAFE]: All identified behaviors, including tool installation and agent orchestration, are standard practices for the described workflow and originate from the author's own resources or well-known technology providers.
Audit Metadata