Validate XNO Address
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to run `npx xno-skills`, which triggers an automatic download and execution of the `xno-skills` package from the public npm registry. This package is not associated with a trusted organization or the skill author's established naming patterns, representing an unverified external dependency.
- [COMMAND_EXECUTION]: The skill provides examples for command-line execution where user-provided addresses are interpolated into a shell command (`npx xno-skills validate <address>`). This pattern is vulnerable to command injection if an agent or automated script does not escape the address parameter before execution.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing external data (XNO addresses) through system-level CLI commands.
- Ingestion points: The `<address>` parameter in the CLI validation and QR generation examples within `SKILL.md`.
- Boundary markers: Absent; there are no instructions or delimiters provided to protect the shell command from malicious input within the address string.
- Capability inventory: The skill utilizes subprocess execution via the `npx` command.
- Sanitization: No sanitization or validation steps are documented to ensure that the input string is a valid address before it is passed to the system shell.
Audit Metadata