x-git

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill examples explicitly show tokens passed inline as command arguments (e.g., x gh --cfg token=<github-token>), which encourages the agent to request and embed secret values verbatim in generated commands, creating an exfiltration risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The list includes multiple links on an unknown/unvetted domain (x-cmd.com) that appears to host CLI modules and could deliver installers or scripts to be executed (high-risk vector), while the other links are legitimate token/settings pages but do not mitigate the risk of downloading/running code from the untrusted x-cmd domain.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the skill fetches and interacts with public, user-generated content from code hosting sites (e.g., GitHub, GitLab, Codeberg) via commands like "x gh repo clone", "x gh search", "x gh browse" and repository/issue/PR operations, so the agent will read and act on untrusted third-party content that could contain instructive payloads.