packx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill prompts for the global installation of an external package via `npm install -g packx`. This introduces a dependency on a third-party package that is not part of the trusted sources list, posing a potential supply chain risk.
- COMMAND_EXECUTION (LOW): The skill is centered around executing the `packx` command-line utility with various flags and shell redirection.
- SYSTEM_LIMIT_BYPASS (LOW): The documentation explicitly instructs the agent to use `stdout > file.md` instead of the tool's built-in output flag to 'avoid triggering WriteFile hook size limits'. This is a deliberate instruction to bypass environment-level security or monitoring hooks intended to regulate file operations.
- INDIRECT_PROMPT_INJECTION (LOW): The skill's primary purpose is to ingest untrusted data (source code) into the agent's context, creating a surface for indirect prompt injection.
  - Ingestion points: Any local file path provided to the tool (e.g., `src/`).
  - Boundary markers: The tool uses XML format by default, but the skill lacks explicit 'ignore embedded instructions' warnings for the agent when processing the resulting bundle.
  - Capability inventory: File system read access, clipboard write access (`-c`), and shell redirection.
  - Sanitization: No sanitization of the bundled content is performed before it is presented to the agent.
Audit Metadata