cli-skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands based on user-provided inputs, such as `<cli-tool> --version` or `<cli-tool> --help`. This poses a risk of command injection if the input is malicious or if the agent executes a harmful binary. It also executes a local Python script (`scripts/package_skill.py`) to package the generated skill.
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and source code from GitHub and raw.githubusercontent.com. It performs `git clone` operations on remote repositories to analyze their structure and usage patterns.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, untrusted sources.
- Ingestion points: CLI command outputs, manual pages, and various files from cloned GitHub repositories (README, issues, source code).
- Boundary markers: Not present; the instructions do not require the use of delimiters or specific warnings when the agent handles this external content.
- Capability inventory: The skill has the ability to execute shell commands, perform file system operations, and invoke other automation skills.
- Sanitization: No validation or sanitization of the external content is prescribed before the agent uses it to generate documentation.
Audit Metadata