cli-anything-dify-workflow
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM [EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the dify-ai-workflow-tools package from an external GitHub repository (github.com/Akabane71/dify-workflow-cli.git).
- [EXTERNAL_DOWNLOADS]: Installs the CLI-Anything agent harness from the vendor's GitHub repository (github.com/HKUDS/CLI-Anything.git).
- [REMOTE_CODE_EXECUTION]: Executing code downloaded directly from an unverified third-party repository on the main branch poses a risk of supply chain compromise or execution of unexpected code.
- [COMMAND_EXECUTION]: The skill acts as a wrapper for executing various subcommands (guide, create, inspect, validate, edit, config, etc.) through a CLI harness, involving shell command execution.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes YAML and JSON files defining Dify workflows, which creates a surface for indirect prompt injection.
  - Ingestion points: Workflow files are read and processed by the inspect, validate, and edit commands in SKILL.md.
  - Boundary markers: No specific delimiters or safety instructions for handling untrusted workflow content are mentioned.
  - Capability inventory: The skill has the capability to execute subcommands and perform local file modifications.
  - Sanitization: No explicit sanitization or validation logic for the DSL content is documented.