x-env
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads installation scripts and binary packages from vendor-owned domains (https://get.x-cmd.com) and well-known services (https://github.com/x-cmd/release, https://conda.prefix.dev).
- [REMOTE_CODE_EXECUTION]: The installation guide includes a pattern to pipe a remote script to a shell (curl | sh). The author explicitly warns against this for sensitive environments and provides safer alternatives.
- [COMMAND_EXECUTION]: The skill executes various subcommands under the x env umbrella to manage software packages (e.g., use, try, upgrade).
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface when processing output from third-party tools.
  1. Ingestion points: command results from package list and search functions (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess calls via the x env command set (SKILL.md).
  4. Sanitization: Absent.