x-user-lookup

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/lookup.sh script is vulnerable to argument injection. The $USERNAME variable, taken from user input, is interpolated directly into a curl command. An attacker can provide a payload with double quotes to inject additional curl flags, potentially hijacking the request or writing to local files.
  • [DATA_EXFILTRATION]: Leveraging the argument injection in scripts/lookup.sh, an attacker could exfiltrate sensitive local files by injecting curl flags like --data-binary pointed at local paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      1) Ingestion points: The skill fetches untrusted description and name fields from X profiles via scripts/lookup.sh.
      2) Boundary markers: No markers are used to isolate the API response.
      3) Capability inventory: The agent has bash and network access.
      4) Sanitization: The skill does not sanitize or validate the external data before returning it.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 03:57 AM