halo-shared
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the Halo CLI utility via 'npm install -g @halo-dev/cli'. This package is hosted on the public npm registry and belongs to the recognized vendor 'halo-dev'.\n- [COMMAND_EXECUTION]: The skill facilitates the execution of the 'halo' binary to perform operations such as authentication, profile management, and content manipulation. These actions are consistent with the stated purpose of the developer tool.\n- [PROMPT_INJECTION]: The skill documentation creates a surface for indirect prompt injection by describing commands that ingest untrusted external data.\n
- Ingestion points: 'halo search --url' (fetches content from remote websites) and 'halo single-page import-json' (reads data from local files).\n
- Boundary markers: Absent. No specific delimiters or safety warnings regarding the processing of external output are provided in the skill instructions.\n
- Capability inventory: The skill possesses the capability to execute subprocess commands ('halo') which can modify server state, manage backups, and update configurations.\n
- Sanitization: Absent. The instructions do not mention sanitizing or validating data retrieved from external sources before it is processed by the agent.
Audit Metadata