cli-ops

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill defines patterns for CLI tools that ingest untrusted data from APIs and user arguments, creating a surface for indirect prompt injection.
    * Ingestion points: API responses (references/implementation.md) and command-line arguments (references/implementation.md).
    * Boundary markers: Absent; templates do not include delimiters or instructions to ignore embedded commands.
    * Capability inventory: Network requests via httpx (references/implementation.md) and file-writing for configuration storage (references/implementation.md).
    * Sanitization: Absent; relies on basic Typer type validation for user inputs.
  • [CREDENTIALS_UNSAFE]: The implementation templates in the references directory provide examples for accessing and storing sensitive credentials.
    * Evidence: The code demonstrates accessing .env files and the OS keyring via the keyring library (references/implementation.md). It also defines storage paths like ~/.config/mytool/token.
    * Context: These patterns are provided as educational templates for secure credential management in user-developed applications.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:05 PM