glean-cli-chat
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'glean' CLI tool and the 'jq' utility to interact with the Glean service and process schema information. These are standard operations for this vendor's tooling.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the Glean Assistant service via the CLI to send messages and receive AI-generated responses. This network activity is the primary intended function of the skill.
- [PROMPT_INJECTION]: The skill facilitates an interface for indirect prompt injection. 1. Ingestion points: Untrusted data enters the agent context through the --message flag, --json payload, and potentially documents summarized by the assistant (SKILL.md). 2. Boundary markers: There are no specific delimiters or instructions to ignore embedded commands mentioned in the skill documentation. 3. Capability inventory: The skill primarily streams output to stdout and does not exhibit dangerous local capabilities such as file system modification or arbitrary shell execution. 4. Sanitization: No explicit content validation or escaping of input data is defined.
Audit Metadata