btca-cli
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install a global package via 'bun add -g btca'. The package does not come from a recognized trusted source and could contain malicious code.
- COMMAND_EXECUTION (LOW): The skill utilizes several CLI commands ('btca init', 'btca connect', 'btca add') to operate. While expected for a CLI-focused skill, it represents a broad capability surface.
- DATA_EXPOSURE (LOW): The skill's primary function is to index local directories and configuration files ('~/.config/btca/btca.config.jsonc'), which involves reading potentially sensitive local information.
- INDIRECT_PROMPT_INJECTION (LOW): The skill acts as a surface for processing untrusted data.
  - Ingestion points: 'btca add' command for external Git repositories and local directories.
  - Boundary markers: Absent in the instructions.
  - Capability inventory: CLI execution and file system access for resource management.
  - Sanitization: Not explicitly addressed in the skill definition.
Audit Metadata