Skills
skills/x-cmd/skill/x-cmd-network/Gen Agent Trust Hub

x-cmd-network

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill provides wrappers for nmap, arp, dns, and route. This allows the agent to execute arbitrary network scans and modify system-level network configurations. Subprocess calls are made to the x binary which further executes these utilities.
  • DATA_EXFILTRATION (HIGH): Access to nmap allows for scanning internal networks. The ability to read ARP tables and routing information exposes internal network topology. The tping utility uses curl, which can be used to send internal data to external endpoints.
  • INDIRECT PROMPT INJECTION (HIGH): Mandatory Evidence Chain: 1. Ingestion: Processes data from external network entities (DNS responses, ARP tables) via x dns current and x arp. 2. Boundary markers: Absent. 3. Capability inventory: x nmap, x dns set, x route (high-privilege write/recon). 4. Sanitization: Absent. Maliciously crafted network data could influence agent behavior or exploit parsing logic in the TUI visualizers.
  • EXTERNAL_DOWNLOADS (LOW): Relies on the x-cmd ecosystem and external binaries like nmap. Documentation links to x-cmd.com, which is an external, non-whitelisted domain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 05:40 PM