onyx-cli
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions for installing the CLI from source include using
sudoto move the compiled binary to a system path (sudo mv onyx-cli /usr/local/bin/), which executes with elevated privileges. - [EXTERNAL_DOWNLOADS]: The skill recommends installing the
onyx-clipackage viapip install, which is a vendor-owned package from the author 'onyx-dot-app'. - [PROMPT_INJECTION]: The skill processes data retrieved from an external knowledge base via the
onyx-cli askcommand, introducing a surface for indirect prompt injection. - Ingestion points: Content is ingested from the Onyx knowledge base through the output of the
onyx-cli askcommand. - Boundary markers: No boundary markers or explicit instructions to disregard embedded commands are used when processing the retrieved content.
- Capability inventory: The skill environment allows for CLI command execution and has access to sensitive configuration via environment variables.
- Sanitization: No sanitization or validation of the data returned from the Onyx knowledge base is described.
Audit Metadata