adhx
Fail
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The manual installation method downloads a skill definition file from an unverified GitHub repository (
itsmemeworks/adhx) directly into the agent's skill configuration directory (~/.claude/skills/). This allows an untrusted source to provide instruction-based payloads that the agent loads and executes. - [COMMAND_EXECUTION]: The skill instructs the agent to execute the
curlcommand usingusernameandstatusIdextracted from user-provided URLs. This creates a vulnerability to command injection if the agent does not properly sanitize these inputs before execution in the shell. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from X/Twitter posts without safety controls.
- Ingestion points: Data is fetched from the
adhx.comAPI response (identified inSKILL.md). - Boundary markers: There are no markers or instructions to delimit untrusted content from system instructions.
- Capability inventory: The agent utilizes shell command execution via
curland file system access. - Sanitization: No validation or sanitization of the external content is mentioned or implemented.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/itsmemeworks/adhx/main/skills/adhx/SKILL.md - DO NOT USE without thorough review
Audit Metadata