blackbox
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the @blackboxai/cli package via NPM and provides instructions for cloning the CLI repository from GitHub. These are treated as well-known service components.
- [COMMAND_EXECUTION]: Utilizes the terminal tool to execute shell commands for installing software, managing git repositories, and running the Blackbox CLI agent.
- [DATA_EXFILTRATION]: Transmits source code and task prompts to the Blackbox AI service (blackbox.ai) to generate code implementations. This is the primary function of the skill but involves sending data to an external service.
- [PROMPT_INJECTION]: The skill's 'PR Reviews' workflow creates a surface for indirect prompt injection by processing untrusted data from external repositories.
  * Ingestion points: Untrusted data enters the context via 'git clone' and 'gh pr checkout' operations in the terminal (SKILL.md).
  * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when passing PR content to the AI.
  * Capability inventory: The skill uses 'terminal' and 'process' tools, which allow shell command execution and background task management (SKILL.md).
  * Sanitization: No validation or sanitization of the external repository content is performed before processing.
Audit Metadata