cot-cli
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using the 'cot' utility. This allows for plugin management and system information retrieval, which are high-privilege operations in certain environments.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by processing untrusted user inputs in file paths and package names.
  - Ingestion points: File names and package identifiers provided by the user for the 'install', 'unzip', and 'xf' commands.
  - Boundary markers: None present; the skill does not use delimiters to isolate user input or include instructions to ignore embedded commands.
  - Capability inventory: The skill can execute arbitrary commands via the 'cot' CLI and modify the file system via 'unzip' and 'install' functions.
  - Sanitization: No validation or escaping of user-provided paths or package names is specified in the instruction set.