Skills
skills/wildix/agent-skills/wildix-get-chat/Gen Agent Trust Hub

wildix-get-chat

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from https://api.x-bees.com, which is the official API endpoint for the vendor's x-bees platform. It also references the Wildix/agent-skills repository for peer skill installation, which is a trusted vendor resource.
  • [COMMAND_EXECUTION]: The skill executes a local bash script, get-chat-by-id.sh, to perform network requests and data processing. It also suggests using npx to install peer skills from the vendor's repository.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it retrieves and displays metadata from an external API (such as channel names or member information) which is then processed by the agent.
  • Ingestion points: The RESPONSE from the curl command in scripts/get-chat-by-id.sh is echoed back to the agent.
  • Boundary markers: Absent; the raw JSON response is provided to the agent without delimiters or instructions to ignore embedded content.
  • Capability inventory: The skill has the ability to execute shell commands via the Bash tool.
  • Sanitization: None; the script performs raw output of the API response.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 04:35 PM