adhx
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform shell commands (
curl) using parameters (username,statusId) extracted from user-provided URLs. This pattern is susceptible to command injection if the extracted components contain shell metacharacters and are not properly sanitized or quoted before being passed to the shell. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for manual installation by downloading its own definition from a third-party GitHub repository (
itsmemeworks/adhx). This repository is hosted on a well-known service but is external to the identified author's namespace. - [DATA_EXFILTRATION]: Extracted Twitter identifiers (usernames and status IDs) are transmitted to an external service (
adhx.com). This is the intended behavior of the skill but involves sending user-provided identifiers to a third-party API not identified as a vendor resource. - [PROMPT_INJECTION]: The skill reads and processes the content of external X/Twitter posts and long-form articles. This creates an indirect prompt injection surface where malicious instructions within the fetched content could influence the agent's behavior.
- Ingestion points:
adhx.comAPI response content (referenced in SKILL.md). - Boundary markers: Absent; instructions do not include delimiters to isolate or warn the agent about untrusted data.
- Capability inventory: Shell command execution via
curland file-writing via installation instructions. - Sanitization: None mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/itsmemeworks/adhx/main/skills/adhx/SKILL.md - DO NOT USE without thorough review
Audit Metadata