icp-cli
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents installation methods for icp-cli and ic-wasm using shell scripts downloaded from official GitHub releases. While these scripts are piped directly to the shell, the source is verified as the author's official repository path.\n- [EXTERNAL_DOWNLOADS]: The skill fetches build recipes and tool binaries from official vendor repositories on GitHub and installs necessary SDK components from the npm registry. These external references are restricted to well-known and verified vendor infrastructure.\n- [COMMAND_EXECUTION]: Provides Vite configuration templates that include the use of execSync to query the local CLI for network status and canister identifiers. This is a standard pattern for local development environment setup.\n- [PROMPT_INJECTION]: The skill processes project-specific data which represents a surface for indirect prompt injection.\n
- Ingestion points: Project configuration (icp.yaml), Motoko package definitions (mops.toml), and Candid interface files (.did).\n
- Boundary markers: No explicit delimiter-based boundary markers are defined in the instructions for data processing.\n
- Capability inventory: Execution of arbitrary CLI commands via the icp tool and shell command execution within generated dev server scripts.\n
- Sanitization: No specific sanitization logic is identified for external file content.
Audit Metadata