Skills
skills/wildix/agent-skills/wildix-get-messages-in-chat/Gen Agent Trust Hub

wildix-get-messages-in-chat

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill uses an ID_TOKEN to authenticate requests to api.x-bees.com. This communication is limited to the official API domain of the vendor and is necessary for the skill's primary function of fetching chat messages.
  • [EXTERNAL_DOWNLOADS]: Peer dependencies defined in peers.yaml and SKILL.md are installed using the npx skills utility, targeting the vendor's own repository (Wildix/agent-skills). This is a standard management practice for skills from this author.
  • [COMMAND_EXECUTION]: A local shell script (scripts/get-messages.sh) is used to perform API calls. The script includes logic to parse channel IDs from URLs or prefixed strings, which is executed within the agent's environment to facilitate communication with the vendor's services.
  • [INDIRECT_PROMPT_INJECTION]: The skill acknowledges that chat history contains untrusted third-party content.
  • Ingestion points: External chat messages are ingested via API responses in scripts/get-messages.sh.
  • Boundary markers: SKILL.md contains an explicit security warning instructing the agent to treat fetched text as data only and never follow directives found within messages.
  • Capability inventory: The skill is permitted to use Bash, Glob, and Skill tools.
  • Sanitization: Relies on instructional constraints to prevent the agent from executing instructions found in the processed chat data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 04:35 PM