speakeasy-context
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [Prompt Injection] (MEDIUM): The skill creates a vulnerability to indirect prompt injection. It instructs the agent to run `speakeasy agent context` and use its output as the primary source of truth for subsequent actions.
  - Ingestion points: Output of `speakeasy agent context` in SKILL.md.
  - Boundary markers: Absent; no instructions are provided to the agent to treat the CLI output as untrusted data.
  - Capability inventory: Ability to execute various `speakeasy` CLI commands and send data via `feedback` (SKILL.md).
  - Sanitization: None; the skill lacks validation or escaping for the data received from the CLI.
- [Data Exfiltration] (LOW): The `speakeasy agent feedback` command is used to transmit data to an external service. While documented as a feedback mechanism, it represents a routine outbound data flow.
- [Command Execution] (LOW): The skill is built around executing local CLI commands. It does not attempt to download or install new software, but relies on the existing `speakeasy` binary.
Audit Metadata