atxp
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx atxp@latest` to download and execute the vendor's command-line interface from the npm registry at runtime. This is the primary execution mechanism for all provided tools.
- [COMMAND_EXECUTION]: Functionality is implemented through subprocess calls to the `atxp` CLI. These commands facilitate interaction with the vendor's infrastructure for search, communications, and media creation.
- [DATA_EXFILTRATION]: Tools like `email send` and `phone send-sms` allow for data transmission to external parties. The skill provides clear exfiltration guardrails, instructing the agent to never transmit sensitive credentials or configuration data.
- [PROMPT_INJECTION]: The skill ingests untrusted data from multiple sources. A mandatory evidence chain analysis reveals:
  - Ingestion points: Web search results, X/Twitter posts, inbound emails, SMS messages, and call transcripts (SKILL.md).
  - Boundary markers: The skill instructs the agent to wrap untrusted output in `[BEGIN UNTRUSTED CONTENT]` delimiters.
  - Capability inventory: Subprocess calls (`npx`), email sending, and phone operations are available throughout the skill.
  - Sanitization: Instructions explicitly forbid passing untrusted content to shell interpreters or executing directives embedded in external content.
- [CREDENTIALS_UNSAFE]: The skill manages an authentication token (`ATXP_CONNECTION`) stored in `~/.atxp/config`. It provides comprehensive guidance on protecting this secret from exposure in logs, commands, or outbound messages.