agents-cli
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill promotes the installation of a package named `google-agents-cli` via `uvx`. As the skill is authored by 'akillness' and not the organization it claims to represent, the origin and security of this package are unverifiable.
- [COMMAND_EXECUTION]: The instructions include commands that download and execute code from remote registries, specifically `uvx google-agents-cli setup` and `npx skills add google/agents-cli`. These commands execute third-party logic with local user permissions.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted inputs (user prompts and test fixtures) which then influence sensitive downstream actions.
  - Ingestion points: User prompts via `agents-cli run` and test fixtures in the `evals/` directory.
  - Boundary markers: Absent; no delimiters are used to separate instructions from untrusted data.
  - Capability inventory: The toolkit performs cloud deployments (`agents-cli deploy`), project scaffolding/file writes (`agents-cli scaffold`), and platform registration (`agents-cli publish`).
  - Sanitization: No evidence of input validation or output filtering is provided.
- [PROMPT_INJECTION]: The skill uses deceptive metadata and descriptions, claiming to be an official toolkit from a major cloud provider while being authored by an unrelated individual ('akillness'). This misrepresentation can lead users to incorrectly assume the skill's safety and authority.