openhue
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration specifies the installation of the OpenHue CLI via the Homebrew package manager using the formula `openhue/cli/openhue-cli`.
- [COMMAND_EXECUTION]: The skill defines several commands that execute the `openhue` binary to list resources and control light states (on/off, brightness, color) and scenes.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates user-provided data (such as light names or room names) directly into command arguments.
  - Ingestion points: User-provided strings for light names, room names, and scene names are used as positional arguments in shell commands in `SKILL.md`.
  - Boundary markers: None present; the skill does not wrap inputs in delimiters or provide specific instructions to the agent to ignore control characters in data.
  - Capability inventory: Execution of the `openhue` CLI tool via subprocess calls.
  - Sanitization: No explicit sanitization or validation of input strings is performed within the skill definition.
Audit Metadata