adv-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or security risks were identified in the skill. The instructions are purely documentation for a legitimate CLI tool.
- [COMMAND_EXECUTION]: The skill facilitates the execution of the `adv` command-line tool. These commands are standard for managing e-commerce data and do not require elevated system privileges or execute arbitrary code from untrusted sources.
- [PROMPT_INJECTION]: The skill defines an interface for retrieving data from external APIs and files, which is a potential surface for indirect prompt injection.
  - Ingestion points: Data retrieved from the Advance Commerce API (e.g., product searches, customer details) and imported from local CSV/JSON files.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided.
  - Capability inventory: The agent is authorized to use the `adv` CLI to fetch and update commerce data.
  - Sanitization: No sanitization or validation of the API responses is specified within the skill instructions.
Audit Metadata