x2c-publish
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlcommands to interact with the X2C Open API. It instructs the agent to execute shell-based network requests using environment variables for authentication (X2C_API_KEY) and endpoint configuration. - [DATA_EXFILTRATION]: The skill includes wallet management functionality, specifically the
wallet/withdraw-usdcaction. This allows the agent to transfer digital assets to a specified Solana address. This capability poses a risk if the destination address is manipulated via malicious input from an untrusted source. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes user-provided metadata and transaction parameters without clear sanitization or boundary markers.
- Ingestion points: Metadata fields such as
titleanddescriptionin thedistribution/publishworkflow, and theto_addressparameter in thewallet/withdraw-usdcaction (found in SKILL.md). - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions for the data being interpolated into API requests.
- Capability inventory: Shell execution of
curlfor API interactions and file uploads to S3 (documented in SKILL.md). - Sanitization: None; the skill does not include steps to validate, escape, or filter external data before it is included in network payloads.
Audit Metadata