autocli
Fail
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install its core dependency using a dangerous execution pattern:
  curl -fsSL https://raw.githubusercontent.com/nashsu/AutoCLI/main/scripts/install.sh | sh
  This executes unverified remote code directly in the user's shell environment.
- [PROMPT_INJECTION]: The skill exhibits an extensive surface for Indirect Prompt Injection (Category 8) due to its core functionality of fetching content from dozens of third-party platforms.
  - Ingestion points: Untrusted data is retrieved from platforms like Twitter, Reddit, YouTube, and Bilibili, where content is controlled by external actors.
  - Boundary markers: Absent; the skill lacks instructions to wrap external content in delimiters or to ignore embedded instructions within the fetched data.
  - Capability inventory: The skill possesses high capabilities, including executing shell commands, performing browser-based DOM evaluation, and utilizing passthrough commands for GitHub CLI, Docker, and Kubernetes.
  - Sanitization: No sanitization or validation of the fetched external data is performed before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill reuses existing Chrome login sessions (cookies and authentication states), accessing sensitive user credentials stored in the browser to facilitate platform interactions without explicit API keys.
- [COMMAND_EXECUTION]: The skill relies on the execution of the autocli binary and provides a 'self-iteration' capability where the agent is instructed to generate, save, and execute new adapter configurations in YAML format at runtime.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nashsu/AutoCLI/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata