mage-remote-run
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides comprehensive guidance for using the `mage-remote-run` CLI to manage remote commerce environments, including operations for customers, orders, and products.
- [EXTERNAL_DOWNLOADS]: Documentation for the `plugin register` command is included, which allows the CLI to be extended with external JavaScript plugins.
- [REMOTE_CODE_EXECUTION]: The skill describes an interactive `console` (REPL) mode that allows for the dynamic execution of JavaScript, which is an intended feature for advanced automation.
- [DATA_EXFILTRATION]: The instructions cover the management of sensitive connection profiles, including API tokens and OAuth credentials, and the interaction with remote API endpoints as part of normal store administration.
- [SAFE]: The skill processes data from remote commerce instances (e.g., product descriptions, order comments) which represents a surface for indirect prompt injection; however, this is an inherent risk of the management tool's primary purpose and is documented neutrally.