trailsnap-cli
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `trailsnap` CLI tool to execute all photographic management and query operations. This includes potentially destructive actions like `photos delete` and file system writes via `medias get --format file --output`.
- [EXTERNAL_DOWNLOADS]: Installation documentation directs the agent to install the `trailsnap-cli` package from NPM or PyPI. These are legitimate vendor resources provided by the skill's author for the tool's core functionality.
- [PROMPT_INJECTION]: The skill processes data retrieved from the TrailSnap API (such as photo descriptions and tags). This presents a surface for indirect prompt injection if the API source were compromised, though no active exploitation is present in the static instructions.
Audit Metadata