bitrefill-cli
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
bitrefillCLI tool to perform commerce operations, including searching for products and initiating purchases. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the official vendor package
@bitrefill/clifrom npm or clone the source fromgithub.com/bitrefill/cli. - [CREDENTIALS_UNSAFE]: The skill references and accesses an OAuth token stored in a configuration file at
~/.config/bitrefill-cli/api.bitrefill.com.jsonto authenticate its sessions. - [DATA_EXFILTRATION]: Account and transaction data are sent to the official API at
api.bitrefill.comas part of its core functionality. - [PROMPT_INJECTION]: The skill processes external data such as product descriptions and order history retrieved from the API. Ingestion points:
search-products,get-product-details, andlist-ordersoutputs. Boundary markers: None identified. Capability inventory: Command execution (buy-products), file read/write, and network operations. Sanitization: Not explicitly mentioned.
Audit Metadata