create-cli
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands including 'git config user.name' to detect author identity and various 'cargo' commands such as check, test, clippy, and run to verify the generated project structure.
- [EXTERNAL_DOWNLOADS]: Downloads OpenAPI specifications and documentation from remote URLs using WebFetch to discover endpoints and configuration for well-known services.
- [PROMPT_INJECTION]: Exhibits a surface for indirect prompt injection from processing untrusted API documentation. Ingestion points: Phase 2 Strategies B and C involve fetching remote URL content. Boundary markers: The skill lacks explicit separators to distinguish fetched API content from instructions. Capability inventory: The skill has the ability to delete files via 'rm', write source code, and execute the generated binary using 'cargo'. Sanitization: Documentation extraction relies on string interpolation without robust sanitization of metadata from the API specs.
Audit Metadata