blucli
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation metadata specifies a remote download of a Go module from `github.com/steipete/blucli/cmd/blu@latest`. This source is an individual user's repository and is not recognized as a trusted organization or well-known technology service.
- [COMMAND_EXECUTION]: The skill requires and executes the `blu` binary for discovery and playback control. Executing binaries from unverified third-party sources carries a risk of unauthorized command execution if the source repository were to be compromised.
- [PROMPT_INJECTION]: The skill processes untrusted data from tool outputs (device names and search results) which can be used for indirect prompt injection. Ingestion points: Output from `blu devices` and `blu tunein search`. Boundary markers: None. Capability inventory: Subprocess execution of the `blu` binary. Sanitization: No sanitization or escaping of tool output is performed before processing.
Audit Metadata