use-acpx
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'acpx' CLI globally via npm, and several external agents are fetched at runtime with 'npx'.
  - Recommended installation: 'npm i -g acpx'.
  - External agents: 'pi-acp', 'opencode-ai', '@kilocode/cli', and '@zed-industries/codex-acp'.
- [REMOTE_CODE_EXECUTION]: Using 'npx' to execute unversioned third-party packages at runtime is a risk if a package source is compromised. The '--agent' flag also acts as an escape hatch that accepts an arbitrary shell command string to execute.
  - Example: 'acpx --agent ./my-custom-acp-server'.
- [COMMAND_EXECUTION]: The skill is centered on running bash commands to interact with the ACP protocol, and includes examples of running local scripts through tools such as 'node' and 'env'.
  - Reference example: 'node scripts/run-node.mjs'.
- [DATA_EXFILTRATION]: The CLI stores sensitive session history and metadata under the user's home directory ('~/.acpx/sessions/'), and configuration files can hold authentication credentials in an 'auth' map.
  - Credential storage: '~/.acpx/config.json' and '.acpxrc.json'.
- [PROMPT_INJECTION]: The skill contains 'CRITICAL' instructions that override the agent's default command execution behavior (requiring 'run_in_background: true'). It also exposes an indirect prompt injection surface, since the agent processes output from third-party agents that may contain malicious instructions.