omnivore-cli
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill documents the storage of API tokens in ~/.config/omnivore-api/config.yaml. While standard for CLI tools, this creates a sensitive file on the local filesystem.
- [DATA_EXFILTRATION] (LOW): The skill interacts with the external domain api-prod.omnivore.app to fetch and save user data. This is consistent with its primary purpose but involves transmitting information to a third-party service.
- [PROMPT_INJECTION] (LOW): High risk of Indirect Prompt Injection (Category 8).
  - Ingestion points: omnivore get-articles fetches external content from the web via the Omnivore service.
  - Boundary markers: None mentioned in the documentation; article content is processed directly.
  - Capability inventory: The skill allows command execution and file modification (omnivore_api/cli.py).
  - Sanitization: No evidence of sanitization for fetched article content before it reaches the agent context.
- [COMMAND_EXECUTION] (SAFE): The skill executes the omnivore CLI tool and provides instructions for the agent to extend its functionality by writing Python code using the typer library.
Audit Metadata