mono-cli
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @kyaukyuai/mono-cli NPM package as a prerequisite for functioning.- [COMMAND_EXECUTION]: The skill provides instructions for executing a wide range of mono CLI commands to perform administrative tasks, including authentication, content management, and profile updates.- [DATA_EXFILTRATION]: The skill includes capabilities to transmit local data and configuration to external endpoints. This includes the mono upload command for sending local images to the platform and the --base-url flag which allows overriding the API target. It also references the storage and use of authentication tokens in the tool's local configuration file at ~/.mono/config.json.- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to the way it processes external data.
- Ingestion points: Untrusted data is ingested via --json-data arguments, contents of files specified by --json-file, and piped input from stdin in SKILL.md.
- Boundary markers: There are no explicit instructions or delimiters used to separate user-provided data from agent commands or to warn the agent about potentially malicious instructions embedded in the data.
- Capability inventory: The agent has the ability to execute shell commands and perform network operations through the mono CLI tool as described in SKILL.md.
- Sanitization: No sanitization or validation of the ingested JSON payloads is described in the skill documentation.
Audit Metadata