skills/creatibi/cli/cbi-script/Gen Agent Trust Hub

cbi-script

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the vendor-provided cbi command-line interface to perform operations such as creating, retrieving, and saving project scripts (e.g., cbi project script-save). This involves the execution of shell commands based on user input and project state.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves script content from an external system and may use that content in subsequent processing steps.
      • Ingestion points: Script content fetched from the project database via cbi project script-get.
      • Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded within the retrieved script content.
      • Capability inventory: Shell command execution via the cbi CLI toolset (create, get, save).
      • Sanitization: There is no evidence of sanitization or safety validation applied to the content fetched before it is processed or re-saved.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 10:10 AM