spok-api-cli
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation and use of the
spok-apipackage from the NPM registry. This is a vendor-owned resource necessary for the skill's primary administrative functionality. - [COMMAND_EXECUTION]: The skill operates by executing the
spok-apiCLI tool. It provides a comprehensive set of commands for interacting with paging system databases, including record creation, updates, and messaging operations. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-provided strings for fields such as names, remarks, and status text.
- Ingestion points: Command parameters like
--lname,--fname,--stext, and--remarkin SKILL.md. - Boundary markers: Documentation examples use double quotes to delimit string arguments.
- Capability inventory: The skill can execute shell commands via the CLI and manage its own configuration file located at
~/.spok-api/config.json. - Sanitization: Input validation is expected to be handled by the underlying CLI tool; no explicit sanitization is defined within the skill instructions.
Audit Metadata