ask-user-questions

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute the 'auq' package using 'npx', which downloads and runs external code from the npm registry at runtime.
  • [EXTERNAL_DOWNLOADS]: Fetches the 'auq' package from the npm registry, which is a well-known public repository.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to invoke the 'auq' CLI tool and pipe JSON data for processing.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted user input via the interactive TUI, specifically allowing 'Other' custom text input.
      • Ingestion points: User responses gathered by the 'auq' tool are returned to the agent context.
      • Boundary markers: No delimiters or specific instructions are provided to the agent to treat these responses as untrusted content.
      • Capability inventory: The skill has the capability to execute shell commands via 'npx'.
      • Sanitization: No input validation or escaping mechanisms are described for handling user-provided strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 06:41 AM