cli-creator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection Surface: The skill is designed to ingest and process data from external sources like API documentation, OpenAPI specifications, and web applications to scaffold code. Maliciously crafted source material could potentially influence the behavior of the generated CLI tool.
- Ingestion points: Processes external data from URLs and local files (e.g., OpenAPI JSON, web docs).
- Boundary markers: No specific delimiters or "ignore instructions" markers are mandated for the processing of external documentation.
- Capability inventory: The skill utilizes file system writes, network requests, and the execution of build/installation commands (e.g., cargo, pnpm, pip).
- Sanitization: While the skill correctly identifies the need to redact secrets and tokens, it does not explicitly instruct the agent to sanitize or escape the content of raw documentation before using it as a source for code generation.
- Dynamic Code Generation and Installation: The skill's primary purpose involves generating source code and installing compiled binaries or scripts directly to the user's PATH (e.g., ~/.local/bin). This involves executing compilers and package managers based on the toolchain found on the machine.
- Credential Management Considerations: The instructions provide guidelines for handling API keys and authentication tokens, suggesting the use of environment variables and local configuration files. It specifically advises against hardcoding tokens or printing them in diagnostic output, which is a positive security practice.
Audit Metadata