accli
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external package from the public npm registry (@joargp/accli). This dependency is not from a known trusted organization or the skill's author, posing a third-party supply chain risk.
- [COMMAND_EXECUTION]: The skill is built entirely around executing shell commands to interact with the system's calendar. It includes destructive operations like 'accli delete' and configuration changes like 'accli config', which the agent is instructed to use for managing user data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external calendar events which could contain malicious instructions.
- Ingestion points: The 'accli events' and 'accli event' commands in SKILL.md ingest event summaries, locations, and descriptions into the agent's context.
- Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the calendar data.
- Capability inventory: The skill has the capability to create, update, and delete events, as well as modify CLI configurations via shell commands documented in SKILL.md.
- Sanitization: No sanitization, escaping, or validation logic is present to handle untrusted input from event fields before processing.
Audit Metadata