x2c-publish

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl commands to interact with the X2C Open API. It instructs the agent to execute shell-based network requests using environment variables for authentication (X2C_API_KEY) and endpoint configuration.
  • [DATA_EXFILTRATION]: The skill includes wallet management functionality, specifically the wallet/withdraw-usdc action. This allows the agent to transfer digital assets to a specified Solana address. This capability poses a risk if the destination address is manipulated via malicious input from an untrusted source.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes user-provided metadata and transaction parameters without clear sanitization or boundary markers.
  • Ingestion points: Metadata fields such as title and description in the distribution/publish workflow, and the to_address parameter in the wallet/withdraw-usdc action (found in SKILL.md).
  • Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions for the data being interpolated into API requests.
  • Capability inventory: Shell execution of curl for API interactions and file uploads to S3 (documented in SKILL.md).
  • Sanitization: None; the skill does not include steps to validate, escape, or filter external data before it is included in network payloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 04:20 PM
Security Audit — agent-trust-hub — x2c-publish