codebolt-api-access
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides instructions for executing arbitrary shell commands through the codebolt.terminal module, including support for streaming and persistent processes.
- [EXTERNAL_DOWNLOADS]: The skill details the usage of codebolt.browser, codebolt.crawler, and codebolt.search modules, which allow the agent to fetch and process data from the public internet.
- [NO_CODE]: No executable files or scripts are provided; the skill contains only Markdown documentation files.
- [INDIRECT_PROMPT_INJECTION]: The skill describes an architecture where an agent can read untrusted content from the web and immediately use high-privilege tools like the terminal.
- Ingestion points: references/browser.md, references/crawler.md, and references/search.md provide methods to pull raw HTML or Markdown from URLs.
- Boundary markers: No specific delimiters or safety instructions are provided in the usage examples to prevent the agent from obeying instructions embedded in the retrieved web content.
- Capability inventory: Modules such as codebolt.terminal (shell), codebolt.fs (file system), and codebolt.git (source control) provide broad write and execution access to the host environment.
- Sanitization: The reference documentation does not mention or require sanitization of external data before it is processed by the agent or passed to other modules.
Audit Metadata