cli-development-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes user-provided CLI help text and tool output, which are untrusted data sources. * Ingestion points: user-provided CLI commands, help strings, and tool outputs during the audit phase. * Boundary markers: Absent. No specific delimiters or instructions are provided to the agent to isolate or ignore instructions embedded in the user's data. * Capability inventory: the skill instructs the agent to execute a local audit script. * Sanitization: Absent. There is no logic provided to sanitize user-provided CLI names or arguments before processing.
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute a local python script (scripts/cli_audit.py) against user-provided executables. While this is the intended functionality of the skill, it involves the execution of code from the user's environment which could potentially be malicious if the tool name or arguments are manipulated.
Audit Metadata