anylist
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill translates user requests into shell commands using the
anylistCLI to interact with the AnyList shopping list service. - [EXTERNAL_DOWNLOADS]: The skill relies on the
anylist-clipackage, which it instructs the user to install from the npm registry. - [PROMPT_INJECTION]: The skill processes user-supplied input (such as item names and list names) and interpolates it into shell commands. This creates a surface for indirect command injection if input is not properly handled.
- Ingestion points: User-provided list names and grocery items described in SKILL.md.
- Boundary markers: The skill instructions provide examples using double quotes around arguments (e.g.,
anylist add "Grocery" "Milk") to encapsulate user data. - Capability inventory: Execution of
anylistCLI commands through the system shell. - Sanitization: No explicit sanitization or escaping rules are defined within the skill text; it relies on the agent's default behavior for command construction.
Audit Metadata