xcli
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts `exec-operation.py` and `find-operation.py` execute the `xcli` command-line tool using `subprocess.run`. The implementation correctly uses argument lists rather than shell strings, which mitigates the risk of shell command injection.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes untrusted content from the X API (such as tweets and direct messages).
  1. Ingestion points: Untrusted data enters the agent's context through the standard output of `scripts/exec-operation.py`.
  2. Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate processed data from the agent's command flow.
  3. Capability inventory: The skill provides the agent with the ability to execute over 130 X API endpoints, including write operations like posting tweets and sending DMs.
  4. Sanitization: There is no evidence of sanitization or escaping of the ingested API response data before it is presented to the agent.
Audit Metadata