ci-gen
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run `npx ai-ci`, which executes a command-line tool from the public npm registry. This grants the tool the ability to execute arbitrary code on the host system.
- [EXTERNAL_DOWNLOADS]: The `ai-ci` package is downloaded at runtime from the npm registry. The package owner (LXGIC Studios) is not listed as a trusted vendor for the skill author (sundial-org), making this an external dependency from an untrusted source.
- [REMOTE_CODE_EXECUTION]: By using `npx` to execute unversioned code from a remote registry, the skill facilitates remote code execution where the behavior of the tool could be altered at the source without oversight.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests project data to generate output.
  - Ingestion points: Local project files including `package.json`, configuration files, and overall project structure.
  - Boundary markers: Absent. The instructions do not define clear delimiters or safety prompts to prevent the agent from following instructions embedded in the scanned project files.
  - Capability inventory: The skill can read project files, write new workflow files, and execute shell commands via `npx`.
  - Sanitization: No sanitization or validation of project-specific content is mentioned before it is processed by the AI logic.
Audit Metadata