anki-ai-cli

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The workflow examples consistently use npx -y anki-ai, which automatically downloads and executes the package from the npm registry without manual intervention or version pinning.
  • [COMMAND_EXECUTION] (MEDIUM): The skill documentation includes commands for extensive file system interaction, such as importPackage, exportPackage, and storeMediaFile using local paths (e.g., /Users/me/backup/). This grants the agent the capability to read from and write to the host's storage.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The npx -y pattern constitutes a remote code execution risk, as the package content is fetched and executed dynamically. If the package were compromised, the host machine would be at risk.
  • [DATA_EXFILTRATION] (LOW): The exportPackage and sync functionalities, combined with the ability to set a custom ANKI_CONNECT_URL, provide a surface for moving local data to remote locations.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data (URLs and local files) to create notes. If an attacker controls a media URL or file path, they could potentially influence the agent's behavior if it parses content from those sources.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 05:19 AM