revnu
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installation of the '@revnu/cli' package from NPM, which is an official resource from the vendor 'revnu-app'.
- [COMMAND_EXECUTION]: The skill performs numerous subprocess calls to the 'revnu' CLI to manage store resources, license keys, and financial analytics.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent's context through the output of 'revnu' CLI commands as defined in the Command Reference section.
  - Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions that might be embedded in the CLI's JSON responses, which could contain user-generated content from the platform.
  - Capability inventory: The skill has extensive write access, including deleting products via 'revnu products delete' and revoking licenses via 'revnu licenses revoke'.
  - Sanitization: There is no evidence of content filtering or validation for the data returned by the external tool before it is processed by the agent.