inquirerer-cli-building

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing the 'inquirerer' library from the npm registry using 'pnpm add'. This library is a vendor-owned resource for 'constructive-io'.
  • [COMMAND_EXECUTION]: The library includes functionality to resolve dynamic defaults by executing local commands to retrieve user metadata, such as 'git.user.name', 'git.user.email', and 'npm.whoami'.
  • [DATA_EXFILTRATION]: The library's 'resolvers' feature allows the tool to read local system configuration (Git and NPM settings) to automatically populate prompt defaults, which is a common pattern for CLI bootstrapping tools.
  • [PROMPT_INJECTION]: The skill describes an interface for ingesting untrusted user input through CLI arguments and interactive prompts. Ingestion points occur in 'SKILL.md' via prompter.prompt and parseArgv. Boundary markers are supported through 'pattern' and 'validate' properties. Capabilities are limited to CLI UI management and argument parsing. Sanitization is supported via the 'sanitize' function property.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 05:33 AM