vx-usage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill defines a surface for indirect prompt injection via the 'vx.toml' configuration file. Findings include:
  - Ingestion points: The AI agent is instructed to read 'vx.toml' to understand project requirements.
  - Boundary markers: None specified in the documentation to distinguish between configuration and embedded instructions.
  - Capability inventory: The skill allows the agent to execute arbitrary commands through the 'vx' tool (e.g., 'vx run <script>', 'vx <tool>'), install tools, and modify the development environment.
  - Sanitization: No mention of sanitizing or validating the contents of 'vx.toml' before execution.
- EXTERNAL_DOWNLOADS (LOW): The skill references external resources for the 'vx' tool from an untrusted source account ('loonghao'). This includes the GitHub repository and Docker images, which are not within the defined trusted scopes.
- REMOTE_CODE_EXECUTION (LOW): The skill provides examples for using the GitHub Action 'loonghao/vx@main'. Referencing a mutable branch ('@main') from an untrusted source constitutes a remote code execution risk, because the executed logic can be changed without notification.
- COMMAND_EXECUTION (LOW): The core functionality relies on the AI agent executing arbitrary system commands via the 'vx' tool. This specifically includes executing user-defined or project-defined scripts (e.g., 'vx run dev') which are sourced from the untrusted 'vx.toml' file.
Audit Metadata