splitwise-cli
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides a command to download an installation script from the author's official GitHub repository (https://raw.githubusercontent.com/oristides/splitwisecli/main/install.sh).
- [REMOTE_CODE_EXECUTION]: The installation instructions utilize a pipe-to-shell pattern (curl | sh) to execute the remote installation script, which is a standard delivery method for the vendor's CLI binary.
- [COMMAND_EXECUTION]: The skill operates by executing subcommands of the splitwisecli tool in the shell to manage expenses, groups, and friend balances.
- [CREDENTIALS_UNSAFE]: The tool guides users to obtain and store Splitwise API credentials in a local configuration file (~/.config/splitwisecli/config.json) with restrictive file permissions (0600).
- [PROMPT_INJECTION]: The skill processes data from external tool outputs, creating a theoretical surface for indirect prompt injection via malicious expense descriptions or friend names, though no direct exploitation vectors are present in the skill code.
Audit Metadata