listenhub-cli
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automatically installs the @marswave/listenhub-cli package from the NPM registry if it is not found on the system. This package is recognized as an official tool from the skill's author.
- [COMMAND_EXECUTION]: Shell commands are used to manage the local environment, specifically checking authentication status via listenhub auth status and initiating login via listenhub auth login. The instructions direct the agent to perform these installations and configurations silently, bypassing standard user review and confirmation for software deployment.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core functionality of parsing user-provided content and external URLs to determine routing logic.
  - Ingestion points: Untrusted data enters the context through user messages and content extracted from external URLs during the 'parse URL' and 'extract content' workflows.
  - Boundary markers: The routing instructions lack explicit delimiters or safety warnings to prevent the agent from being influenced by instructions embedded within the processed external data.
  - Capability inventory: The skill environment possesses the ability to execute shell commands (npm, listenhub) and influence the downstream selection of specialized AI skills.
  - Sanitization: There is no evidence of sanitization, validation, or filtering of external content before it is used to drive the agent's intent recognition and routing decisions.
Audit Metadata