x-cmd
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Provides an installation option using
curl -fsSL https://get.x-cmd.com | sh, which executes a remote shell script from the vendor's domain. - [EXTERNAL_DOWNLOADS]: Fetches core binaries, tools, and package metadata from the vendor's GitHub repository (
github.com/x-cmd/release) and established services likeconda.prefix.dev. - [COMMAND_EXECUTION]: Instructs the agent to source a local initialization script (
. ~/.x-cmd.root/X) to configure the shell environment and PATH. - [COMMAND_EXECUTION]: Uses a dedicated package manager (
x env useorx pixi use) to download and execute various CLI tools and development environments. - [PROMPT_INJECTION]: The skill processes external tool outputs and reads from remote configuration files, which constitutes a surface for potential indirect prompt injection.
- Ingestion points: Reads tool outputs and remote metadata from
https://x-cmd.com/llms.txtinSKILL.md. - Boundary markers: None identified in the provided instructions.
- Capability inventory: Subprocess calls for package installation (
x env use,x pixi use) and shell execution across all scripts. - Sanitization: No explicit sanitization or validation of the remote content is described.
Audit Metadata