agent-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the npx command to execute the @agent-analytics/cli tool for managing analytics projects, viewing live statistics, and running experiments.
- [EXTERNAL_DOWNLOADS]: Fetches the @agent-analytics/cli package from the npm registry at runtime to interact with the service's API.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface where the agent processes data fetched from the external analytics API. 1. Ingestion points: Output from CLI commands like stats, insights, and experiments get. 2. Boundary markers: No explicit markers are used to delimit API data. 3. Capability inventory: The agent has shell access via npx and environment variable access. 4. Sanitization: No data sanitization is performed on results retrieved from the API before being provided to the agent.
- [CREDENTIALS_UNSAFE]: The setup instructions include a login command that accepts the API token as a command-line flag, which can expose the secret to other users on the system via process listings.
Audit Metadata