alexa-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to install a binary from an untrusted GitHub repository ('buddyh/alexa-cli'). This source is not on the list of trusted external providers and has not been verified.
- [COMMAND_EXECUTION] (HIGH): The skill executes shell commands using user-provided text for 'speak', 'command', and 'ask' parameters. A malicious user or an indirect prompt injection attack could inject shell metacharacters (e.g., ';', '&&', '|') to execute unauthorized arbitrary commands on the host system.
- [DATA_EXFILTRATION] (MEDIUM): The 'alexacli history' command allows the agent to retrieve logs of previous voice interactions. This is a sensitive data exposure risk, as the history may contain private information or credentials spoken near Alexa devices.
- [PROMPT_INJECTION] (HIGH): The skill has a significant Indirect Prompt Injection surface.
  - Ingestion points: Untrusted user input is passed to 'alexacli speak', 'alexacli command', and 'alexacli ask'.
  - Boundary markers: None. No delimiters or instruction-ignore markers are used for user content.
  - Capability inventory: Physical device control (smart home), audio announcements (TTS), and retrieval of interaction history.
  - Sanitization: No sanitization or escaping of the user-provided strings is mentioned in the skill definition.
Recommendations
- AI detected serious security threats