skill-cli
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on a custom CLI tool named `skill` to perform all operations, including interacting with external APIs (Front, Inngest, Linear).
- [DATA_EXFILTRATION]: Several commands allow exporting or pulling data to local files (e.g., `skill front pull-conversations --output data.json`, `skill responses export -o bad-responses.json`). This behavior is consistent with the skill's purpose for data analysis and evaluation but involves sensitive customer information.
- [CREDENTIALS_UNSAFE]: The skill manages and configures sensitive API tokens (`FRONT_API_TOKEN`, `INNGEST_SIGNING_KEY`, `LINEAR_API_KEY`). It includes a configuration command (`skill config set`) to store these secrets locally.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources that may contain malicious instructions for the agent.
  - Ingestion points: Data enters the agent's context through commands like `skill front conversation` (which includes message history), `skill inngest events`, and `skill linear issues`.
  - Boundary markers: The instructions do not define clear delimiters or provide the agent with warnings to ignore instructions embedded within the retrieved data.
  - Capability inventory: The agent has access to powerful write and administrative tools, including `skill front reply`, `skill front archive`, `skill linear create`, and a raw API 'escape hatch' (`skill front api`).
  - Sanitization: There is no mention of sanitization or filtering of the content retrieved from external platforms before it is processed by the agent.
Audit Metadata