teneo-cli
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing a local CLI binary and managing background services via systemd or launchd.
- [EXTERNAL_DOWNLOADS]: The skill installs the @teneo-protocol/cli package from the NPM registry if the binary is missing.
- [DATA_EXFILTRATION]: The CLI includes commands like wallet-export-key and export-login that can expose sensitive private keys and environment variables to the agent's context.
- [PROMPT_INJECTION]: Indirect prompt injection risk exists when the skill ingests data from external network agents via the command function. Evidence:
  - (1) Ingestion points: Output from teneo command in SKILL.md.
  - (2) Boundary markers: Absent.
  - (3) Capability inventory: The CLI has extensive capabilities including file system access, network operations, and wallet management.
  - (4) Sanitization: No sanitization or validation of the remote agent output is performed.