Skills
skills/casualsecurityinc/xno-skills/Convert XNO Units/Gen Agent Trust Hub

Convert XNO Units

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to run npx xno-skills, which downloads and executes a package from the public NPM registry at runtime. The source of this package is not a recognized trusted organization.
  • [COMMAND_EXECUTION]: The conversion logic relies on shell command execution. By interpolating user-provided variables like <amount> directly into a command string (npx xno-skills convert <amount> ...), the skill is vulnerable to command injection if a user provides input containing shell metacharacters (e.g., ;, &, or backticks).
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing untrusted user data used in sensitive operations.
  • Ingestion points: User-provided amount and unit strings in the conversion request.
  • Boundary markers: None provided in the command templates to separate data from instructions.
  • Capability inventory: Subprocess execution via npx (SKILL.md).
  • Sanitization: No technical sanitization or escaping logic is implemented; the skill relies on natural language descriptions of validation rules.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 14, 2026, 08:33 AM