CreateCLI
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using curl to interact with a local notification service (http://localhost:8888/notify). This is used solely for voice notifications to update the user on the progress of CLI generation and modification workflows.
- [COMMAND_EXECUTION]: The skill performs validation of generated code by setting executable permissions using chmod +x and executing the resulting script with the --help flag. This ensures the output is functional before reporting success to the user.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it is designed to load and apply instructions from a local customization directory (~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/CreateCLI/).
  - Ingestion points: The SKILL.md file specifies that the agent should load and apply PREFERENCES.md or other configuration files from a user-controlled local path.
  - Boundary markers: Absent. The skill does not implement specific delimiters or 'ignore' instructions to isolate the content of customization files from the agent's core operational logic.
  - Capability inventory: Across its workflows, the skill can execute shell commands (curl, chmod, script execution), perform file system operations (read/write/ls), and generate new executable scripts.
  - Sanitization: Absent. Information retrieved from the customization files is integrated into the agent's context and logic without explicit validation, filtering, or sanitization.
Audit Metadata