google-zx-scripting
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill facilitates shell command execution using the zx template literal. The documentation correctly notes that values are automatically escaped to prevent shell injection.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill examples mention npx zx, which downloads the zx library from the npm registry, a trusted source for this package.
- [DATA_EXFILTRATION] (SAFE): The skill documents the use of standard fetch and fs operations for scripting tasks. No hardcoded secrets or malicious exfiltration patterns were identified.
- [PROMPT_INJECTION] (SAFE): The skill has an Indirect Prompt Injection surface. 1. Ingestion points: stdin, question, argv, and fetch (SKILL.md, core-api.md). 2. Boundary markers: zx template literals. 3. Capability inventory: command execution, file system writes, and network operations. 4. Sanitization: The zx library provides automatic shell-quoting for interpolated variables as a primary defense.
Audit Metadata