meticulous-cli-download
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the meticulous CLI tool to download artifacts. This is an expected behavior for a tool-integration skill provided by the vendor.
- [EXTERNAL_DOWNLOADS]: Fetches session metadata, logs, and test coverage data from the Meticulous platform. These downloads are performed using the official CLI and target the vendor's own infrastructure.
- [CREDENTIALS_UNSAFE]: The skill mentions the use of API tokens for authentication. It correctly uses placeholders or environment variables in examples, which is a safe practice.
- [PROMPT_INJECTION]: The skill downloads log files and metadata from the Meticulous service which are intended for inspection. This creates a potential surface for indirect prompt injection.
  * Ingestion points: Data is downloaded to the ~/.meticulous directory.
  * Boundary markers: None are specified for the downloaded content.
  * Capability inventory: Includes the meticulous CLI for artifact management.
  * Sanitization: No sanitization of the downloaded data is described in the skill instructions.
Audit Metadata