opencli

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill heavily relies on the external opencli tool for platform interactions. It also includes instructions for the agent to modify its own configuration by writing YAML files containing JavaScript code to ~/.opencli/clis/ and then executing them.
  • [REMOTE_CODE_EXECUTION]: The installation instructions require the user to execute npx @playwright/mcp@latest, which downloads and runs code from a remote registry at runtime.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection. It ingests data from 16+ external platforms (untrusted sources) and possesses capabilities to perform authenticated write operations (posting tweets, replies, likes, etc.). Malicious content encountered on these platforms could potentially manipulate the agent into performing unauthorized actions.
  • [EXTERNAL_DOWNLOADS]: The skill's functionality is dependent on the installation of external components, specifically the @jackwener/opencli NPM package and the 'Playwright MCP Bridge' Chrome extension, which are not part of the skill's own codebase.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 06:38 AM