xrepo-env
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a script hosted on the vendor's domain (https://xmake.io/shget.text) for tool installation.
- [REMOTE_CODE_EXECUTION]: Documentation for CI environments includes examples of piping a remote shell script directly into bash.
- [COMMAND_EXECUTION]: The skill executes arbitrary user-specified or configuration-specified development tools (e.g., cmake, ninja, python) within managed subshells.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it automatically reads and processes configuration files (xmake.lua) from the local directory.
- Ingestion points: Reads xmake.lua in the current directory and other lua environment files.
- Boundary markers: No delimiters or safety instructions are used when interpolating these files into the tool's execution flow.
- Capability inventory: Ability to execute shell commands, install software packages, and set system environment variables.
- Sanitization: No verification or sanitization of the configuration file content is performed prior to processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://xmake.io/shget.text - DO NOT USE without thorough review
Audit Metadata