x-cmd-security

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes output from external sources (Shodan, OSV, KEV) which may contain attacker-controlled content. This content could influence the agent's behavior if it is not properly delimited.
      * Ingestion points: Output from 'x shodan', 'x osv', and 'x kev' commands.
      * Boundary markers: None specified in the instructions.
      * Capability inventory: Network scanning, port discovery, and system package analysis.
      * Sanitization: None mentioned.
  • [Command Execution] (LOW): The skill's primary purpose is to execute CLI commands for security scanning. While these are legitimate tools, they represent powerful capabilities that could be misused if the agent is compromised by malicious input.
  • [External Downloads] (LOW): The skill relies on x-cmd, which manages and downloads its own modules/binaries from external sources to perform its functions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM