replicate-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Category: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill is a comprehensive guide for the replicate CLI tool. It documents standard operations like running predictions, managing deployments, and fine-tuning models without introducing malicious or unauthorized commands.
- [CREDENTIALS_UNSAFE] (LOW): The skill references REPLICATE_API_TOKEN and provides an example of setting it. It uses a safe placeholder (<token-from-replicate.com/account>) and correctly suggests interactive authentication (replicate auth login) as an alternative.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill demonstrates output chaining, where model results are piped into other commands using {{.output[0]}}.
  - Ingestion points: Model outputs are directly ingested as inputs for subsequent model runs.
  - Boundary markers: None present; data is passed directly through the CLI.
  - Capability inventory: The skill enables full model execution and file-saving capabilities via the replicate binary.
  - Sanitization: No sanitization of model output is mentioned, which is standard for CLI tools but identifies a surface where untrusted model output could influence subsequent parameters.
- [DYNAMIC_EXECUTION] (LOW): The documentation includes the replicate scaffold command, which generates local project structures for Node.js or Python. This is a standard developer-enablement feature for creating local environments from existing AI predictions.
Audit Metadata