xget
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: CRITICAL | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Automated scanners have detected a malicious URL (https://xget.xi-xu.me) within the skill's primary infrastructure. This domain is hardcoded as the default host in the skill's operational scripts.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to modify sensitive system configuration files, including ~/.bashrc, ~/.zshrc, and PowerShell profiles. This is a persistence mechanism that modifies the user's environment.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection. It retrieves data from a remote repository (gitcode.com) and directs the agent to 'Default to execution' by running shell commands derived from that content. Evidence Chain:
  - (1) Ingestion points: scripts/xget.mjs fetches README and platform data.
  - (2) Boundary markers: Absent.
  - (3) Capability inventory: The agent is instructed to run shell commands and modify files.
  - (4) Sanitization: None.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to download operational data and configuration from a remote repository, introducing a supply chain dependency where remote changes can influence agent behavior.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE