dr-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill's README recommends installation via 'npx skills add jvPalma/dotrun' and documents the 'dr -col add ' command for fetching collections. As these sources are not from the trusted organization list, they represent unverifiable external downloads. This is marked as LOW because it is the primary intended function of the skill to manage such resources.
- [REMOTE_CODE_EXECUTION] (LOW): The 'Collections' feature documented in the skill allows agents to import and execute code from remote Git repositories. This capability constitutes a remote code execution vector. The severity is reduced to LOW because this behavior is intrinsic to the tool's purpose as a script manager.
- [COMMAND_EXECUTION] (LOW): The core functionality described across all skill files involves the creation and execution of arbitrary shell scripts (e.g., 'dr set ', 'dr '). The skill provides templates that use 'set -euo pipefail' and 'main()' functions, which are best practices for shell scripting safety.
- [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface by instructing agents to ingest and 'migrate' user-provided shell configuration files such as .bashrc. These untrusted files (ingestion points) could contain malicious instructions designed to bypass agent logic. The instructions include analysis and verification steps but lack explicit sanitization or boundary markers to isolate untrusted content.
Audit Metadata