cli-reference

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill hands the agent ready-made command recipes for high-impact infrastructure operations: merging pull requests, writing production environment variables, and creating objects in a live Stripe account. Each recipe changes a production environment directly, with no human-in-the-loop step before the command runs.
  • Evidence: Templates for gh pr merge --squash, vercel env add KEY production, and stripe -p production products create.
  • [DATA_EXFILTRATION] (MEDIUM): The skill includes commands that enumerate sensitive configuration and append agent-supplied values to local environment files, so secret names pass through the agent context and agent-chosen values land in a file the application trusts.
  • Evidence: vercel env ls | grep production enumerates the production environment variable names, revealing which secrets exist; echo '...' >> .env.local appends to a local configuration file that typically holds credentials.
  • [PROMPT_INJECTION] (HIGH): The skill creates an indirect prompt injection surface by bridging untrusted data (PR titles and descriptions, environment variable values) to powerful CLI tools without any boundary between the two.
  • Ingestion points: The value field in the environment variable templates and the title/body fields in the GitHub CLI commands.
  • Boundary markers: Absent. No delimiters mark the untrusted text, and no instruction tells the agent to disregard commands embedded in it.
  • Capability inventory: Subprocess execution of gh, vercel, stripe, sentry-cli, npx, and curl.
  • Sanitization: Absent. The templates rely on printf or shell quoting, which at most prevents word splitting and globbing; it does nothing about instructions or extra lines embedded in the text itself, which reach the agent and the target files unchanged.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on npx to run certain tools, which fetches packages from the npm registry at run time if they are not already installed locally.
  • Evidence: npx convex env set downloads (when not already present) and executes the convex package at run time.
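The following is an added example and not part of the audited skill or of the Vercel or dotenv tooling. It puts the naive echo '...' >> .env.local template the DATA_EXFILTRATION and PROMPT_INJECTION findings describe beside a hardened helper, and shows why the finding that sanitization is absent matters: a single "value" carrying a newline appends a second, attacker-chosen entry to the env file. The function names, the sample key STRIPE_KEY and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the audited skill: naive env-file append versus a
# hardened helper. Function names, keys and values are constructed.

# Newline and carriage return as variables so `case` can match them.
NL=$(printf '\n.'); NL=${NL%.}
CR=$(printf '\r')

# Naive template, as the skill presents it: the agent substitutes KEY and VALUE
# straight into an echo redirected at the env file. Nothing stops VALUE from
# carrying a newline, so one "value" can append a second, attacker-chosen entry.
naive_env_append() {
    # $1 key, $2 value, $3 target file
    echo "$1=$2" >> "$3"
}

# Hardened helper. Rejects keys that are not plain identifiers, rejects values
# containing a newline or carriage return (the characters that would start a
# new entry), and single-quotes the value so a dotenv loader reads it literally.
safe_env_render() {
    key=$1; value=$2
    case "$key" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "refused: '$key' is not a valid variable name" >&2; return 1 ;;
    esac
    case "$value" in
        *"$NL"*|*"$CR"*)
            echo "refused: value for $key contains a line break" >&2; return 1 ;;
    esac
    # A literal single quote inside the value becomes '\'' so the quoting stays closed.
    escaped=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
    printf "%s='%s'\n" "$key" "$escaped"
}

safe_env_append() {
    # $1 key, $2 value, $3 target file; writes only if the value passes validation
    line=$(safe_env_render "$1" "$2") || return 1
    printf '%s\n' "$line" >> "$3"
}

# Constructed attacker-controlled value: looks like one API key but smuggles a
# second line that would redirect the application's database connection.
ATTACK_VALUE=$(printf 'sk_test_example\nDATABASE_URL=postgres://attacker.example/db')

# Number of entries the naive template writes for ATTACK_VALUE: two.
count_naive_lines() {
    tmp=$(mktemp)
    naive_env_append STRIPE_KEY "$ATTACK_VALUE" "$tmp"
    wc -l < "$tmp" | tr -d ' '
    rm -f "$tmp"
}

# Number of entries the hardened helper writes: zero, the value is refused.
count_safe_lines() {
    tmp=$(mktemp)
    safe_env_append STRIPE_KEY "$ATTACK_VALUE" "$tmp" 2>/dev/null || true
    wc -l < "$tmp" | tr -d ' '
    rm -f "$tmp"
}

echo "naive template wrote $(count_naive_lines) entries, hardened helper wrote $(count_safe_lines)"
```

The line-break check is the part that addresses the finding: shell quoting around the value keeps the shell from splitting it, but only a check on the value's content keeps a hostile value from becoming a second configuration entry once it is inside .env.local. The same idea applies to the title and body fields passed to gh: validate the content before it reaches the tool, not just the quoting around it.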
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:09 PM