skills/scarletkc/vexor/vexor-cli/Gen Agent Trust Hub

vexor-cli

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the 'vexor' package from PyPI. This package is not from a trusted source, and the skill does not verify its integrity or version before installation. Evidence: 'python -m pip install -U vexor' in 'references/install-vexor.md'.
  • PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection because it indexes and retrieves snippets from external repository files that may contain malicious instructions. Ingestion points: 'vexor' reads local file contents via 'SKILL.md'. Boundary markers: Absent. Capability inventory: Executes local commands and accesses the filesystem. Sanitization: Absent.
  • COMMAND_EXECUTION (LOW): The skill executes local shell commands using 'vexor' with user-supplied search queries. Evidence: 'vexor ""' in 'SKILL.md'.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 07:35 AM