xget
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions prioritize direct action over instruction, directing the agent to "run the needed shell commands" and "edit the real files" directly for tasks like migration or deployment.\n- [REMOTE_CODE_EXECUTION]: The workflow involves fetching "live README guidance" from a remote repository using
scripts/xget.mjsand subsequently executing shell commands extracted from that content. This creates a bridge where remote content can influence local system execution.\n- [EXTERNAL_DOWNLOADS]: The helper scriptscripts/xget.mjsis configured to download a platform catalog fromraw.gitcode.comand a README file fromraw.githubusercontent.com.\n- [COMMAND_EXECUTION]: The skill instructions include patterns for modifying shell profile files such as~/.bashrc,~/.zshrc, and PowerShell profiles to persist environment variables.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes remote markdown content (from the README) and is instructed to execute commands derived from it.\n - Ingestion points:
scripts/xget.mjsfetchesREADME.mdfrom GitHub.\n - Boundary markers: None identified for the fetched content.\n
- Capability inventory: Shell command execution and file-write capabilities are explicitly granted in
SKILL.md.\n - Sanitization: None; the script only performs string replacement for URLs.
Audit Metadata