endor
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent on how to execute commands using the
endorctlCLI tool. This includes usingnpx -y endorctlas a fallback when standard tool interfaces are unavailable. This is documented as the vendor's primary method for operations. - [EXTERNAL_DOWNLOADS]: The instructions include the use of
npx, which downloads and runs the vendor's package from the NPM registry. This is a standard deployment pattern for the specified utility. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill processes user intent from natural language queries (e.g., "check my security", "help with this dependency").
- Boundary markers: No specific delimiters are defined in this routing file to isolate user input from instructions.
- Capability inventory: The skill performs routing to other specialized sub-skills and generates command-line suggestions for user execution.
- Sanitization: No explicit input sanitization or validation logic is present in this high-level routing instruction.
Audit Metadata