demo-cli
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill (SKILL.md, references/workflow.md) instructs users to download and install the python-cli-demo package from PyPI and from an unverified GitHub repository (github.com/username/python-cli-demo) that lacks verifiable ownership or trust.
- [REMOTE_CODE_EXECUTION]: The instructions facilitate remote code execution by providing a command that installs software directly from an external Git repository (pip install git+https://github.com/username/python-cli-demo.git).
- [COMMAND_EXECUTION]: In the troubleshooting section of references/workflow.md, the skill recommends using sudo for package installation on Linux/macOS. This encourages users to grant elevated permissions to an external installation process, which is a significant security risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-provided input via CLI arguments (e.g., demo-cli hello [name]) and executes them through subprocess.run without sanitization.
- Ingestion points: Command line arguments for demo-cli, documented in SKILL.md and references/workflow.md.
- Boundary markers: None present in the provided examples.
- Capability inventory: The skill uses subprocess.run to execute commands on the host system.
- Sanitization: No input validation or escaping logic is included in the implementation examples.
Recommendations
- AI detected serious security threats
Audit Metadata