x2c-publish
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from external sources, including X2C API responses (categories, project lists, and statuses) and user-provided media URLs. No explicit boundary markers or sanitization logic are defined to prevent potential instructions embedded in this untrusted data from influencing the agent's behavior. The agent's ability to execute shell commands and perform network operations increases the potential impact of such an injection.
- [DATA_EXFILTRATION]: The script reads sensitive API keys from local configuration files (credentials/{USER_ID}.json) and transmits them to the vendor's API endpoint on Supabase for authentication. While this involves reading and sending credentials, it is the intended primary function of the skill for multi-user support and occurs over a secure HTTPS connection.
- [COMMAND_EXECUTION]: The skill directs the agent to execute Node.js scripts and curl commands to facilitate API interactions and file uploads to S3-compatible storage (s3api.arkfs.co). These operations are core to the skill's functionality and are documented clearly in the provided instructions.
Audit Metadata