genesys-cli
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of the 'genesys-cli' tool from the NPM registry via 'npm install' or 'npx'.
- [COMMAND_EXECUTION]: The skill relies on shell command execution to interact with the Genesys Cloud Platform API through the 'genesys-cli' tool.
- [CREDENTIALS_UNSAFE]: The documentation for the 'config add' command includes an example that passes a client secret as a command-line flag ('--client-secret '). This practice is insecure as command arguments can be logged in shell history and are visible in system process lists. Notably, the documentation explicitly warns against this practice in text but provides an example that performs it.
- [DATA_EXFILTRATION]: The skill accesses and manages sensitive configuration files and audit logs located at '
/.genesys-cli/config.json' and '/.genesys-cli/audit.jsonl'. While this is functional for the tool, these paths contain sensitive authentication material. - [PROMPT_INJECTION]: The skill retrieves data from external sources (Genesys Cloud), including conversation logs, external contact details, and audit history. This data could contain malicious instructions designed to manipulate the agent's behavior when processed.
- Ingestion points: 'external-contacts list', 'conversations detail', and 'audit list' commands.
- Boundary markers: None identified in the prompt instructions to isolate external data from instructions.
- Capability inventory: The agent has the ability to execute shell commands and modify local configuration via 'genesys-cli'.
- Sanitization: No sanitization or validation of the external content is described before the data is returned to the agent context.
Audit Metadata