helmor-cli
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and commands for the Helmor CLI, which is used for local data and workspace management. All commands identified are part of the documented tool's functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill enables the agent to read external content via `helmor files` and `helmor session` and perform actions like sending prompts (`helmor send`) or managing GitHub repositories. This creates a surface for indirect prompt injection where malicious instructions in project files could influence the agent's behavior.
  - Ingestion points: Content read through `helmor files` and `helmor session`.
  - Boundary markers: None identified in the skill instructions to delimit untrusted file content.
  - Capability inventory: File reading/writing, GitHub integration (`helmor github`), and dispatching AI prompts (`helmor send`).
  - Sanitization: No specific sanitization or validation steps are prescribed for data ingested from the local file system or session history.
Audit Metadata