x-cmd-system
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill explicitly mentions features that automate or facilitate root access, such as `x smart` (root privilege handling automation) and `x mac tidsudo` (TouchID authentication for sudo). This allows an agent to bypass interactive security prompts.
- [Command Execution] (HIGH): The skill enables the agent to modify critical security settings, including firewall configuration (`x mac fw`) and SSH server settings (`x mac sshd`), which could be used to weaken system security or create backdoors.
- [Indirect Prompt Injection] (HIGH): The skill creates a dangerous vulnerability surface where the agent processes untrusted external data.
  - Ingestion points: The agent reads dynamic data from the environment, such as process lists (`x ps`) and network discovery results (`x ip map`).
  - Boundary markers: None. There are no delimiters or instructions to treat the output of these tools as untrusted data.
  - Capability inventory: The skill provides full 'write' and 'execute' capabilities (sudo, file modification, network configuration).
  - Sanitization: None. The agent directly interprets output from these tools.
- [External Downloads] (MEDIUM): The skill requires the `x-cmd` CLI, a third-party dependency from an untrusted source (x-cmd.com), to be installed and present on the system.
- [Data Exposure] (MEDIUM): Tools like `x ip geolite` and `x ip map` facilitate the discovery and external transmission of network topology and geolocation data.
Recommendations
- AI detected serious security threats
Audit Metadata