skills/junghoonghae/skills/capx/Gen Agent Trust Hub

capx

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of an unofficial CLI tool from a remote Git repository (https://github.com/user/capx).
  • [REMOTE_CODE_EXECUTION]: Code is downloaded and compiled/executed via cargo install, which allows for arbitrary code execution from an unverified source.
  • [CREDENTIALS_UNSAFE]: The tool is designed to programmatically read sensitive authentication tokens from the local Capacities desktop application cookie database.
  • [COMMAND_EXECUTION]: The skill utilizes shell command execution with complex interpolation (e.g., heredocs and subshells), which poses a risk if user-controlled data is not sanitized.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted data from screenshots and external sources.
      • Ingestion points: Text extracted from screenshots and user-provided descriptions.
      • Boundary markers: No delimiters or warnings are used in the command templates.
      • Capability inventory: Significant write and delete capabilities via the capx command.
      • Sanitization: No sanitization of user-provided content before shell execution is documented.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 08:03 AM