Description-Behavior Mismatch
High
- Confidence
- 96% confidence
- Finding
- The skill is presented as secure networking/messaging infrastructure, but it explicitly exposes remote command execution on peer machines via `x0x exec` and `/exec/run`. Even though the docs describe trust and ACL gating, remote exec materially expands the skill from transport into code execution, which is a high-risk capability that can enable lateral movement or arbitrary action on trusted peers if misconfigured or invoked by an agent without adequate user oversight.
