fieldtheory-cli-bookmarks
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the "fieldtheory" package from the public npm registry to provide core functionality.
- [COMMAND_EXECUTION]: The skill relies on shell commands (e.g., "ft sync", "ft search") to interact with the local bookmark database. Its integration examples use "execSync", which is standard for CLI wrappers but means a user-supplied query interpolated into the command string is interpreted by the shell; to avoid local command injection, the query must be passed as a separate argument (or the interpolated value strictly validated) rather than spliced into the string.
- [DATA_EXFILTRATION]: The skill accesses sensitive local information, including Chrome browser cookies and OAuth tokens, to authenticate with X/Twitter. This access stays on the local machine and is necessary for the bookmark synchronization feature.
- [PROMPT_INJECTION]: The skill processes external content (tweets) which creates a surface for indirect prompt injection if an agent is tasked with summarizing or acting on the retrieved data.
- Ingestion points: The skill reads bookmark data from the local "bookmarks.jsonl" file via the "ft search" and "ft list" commands.
- Boundary markers: No specific delimiters are shown in the integration examples to separate bookmark content from agent instructions.
- Capability inventory: The skill has the ability to execute shell commands and read from the local file system.
- Sanitization: The provided integration examples do not demonstrate sanitization of the external bookmark text before it is processed by the agent.
Audit Metadata