crush

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The documentation describes a 'YOLO mode' (-y or --yolo) that automatically accepts permissions for AI-suggested commands, facilitating automated execution without manual user confirmation.
  • [CREDENTIALS_UNSAFE]: The tool is designed to inherit sensitive API keys (OPENAI_API_KEY and GEMINI_API_KEY) from the system's existing x-cmd configuration modules for OpenAI and Gemini.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests untrusted data from local source code files in the project directory (--cwd).
      • Ingestion points: Local file system files processed during diagnostics or analysis.
      • Boundary markers: Not specified in documentation.
      • Capability inventory: Command execution via the underlying x crush CLI.
      • Sanitization: Not specified in documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 05:40 AM