btca-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Command Execution] (SAFE): The skill uses the btca CLI to index and query resources.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The tool is designed to fetch content from external sources such as GitHub and npm. While this is intended functionality for the research tool, it involves downloading untrusted material.
- [Indirect Prompt Injection] (LOW): The skill creates an attack surface for indirect prompt injection. Ingestion points: External resources added via btca add and btca ask. Boundary markers: No explicit markers or instructions to ignore embedded commands are provided in the instructions. Capability inventory: The tool accesses the local file system and network. Sanitization: No sanitization or verification of the ingested source content is documented in the skill instructions.
Audit Metadata