opencli
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs environment checks and executes automation tasks using the local opencli binary as part of its core functionality.
- [EXTERNAL_DOWNLOADS]: The skill instructions include installing the @jackwener/opencli package from the NPM registry and downloading an extension from the tool's repository.
- [DATA_EXFILTRATION]: The documentation explicitly mentions that OpenCLI reuses existing Chrome login cookies and session states, which is necessary for the stated purpose of browser automation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. Ingestion points: Data from external sites like YouTube and Reddit are processed via opencli outputs (SKILL.md). Boundary markers: None are specified to separate tool output from instructions. Capability inventory: The skill can execute local commands and install packages via npm. Sanitization: No sanitization is performed on external data before it is processed by the agent.
Audit Metadata