blucli
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of the 'blu' command-line tool directly from a public GitHub repository (github.com/steipete/blucli) using the Go package manager.\n- [COMMAND_EXECUTION]: The skill enables the agent to execute shell commands using the 'blu' binary to manage network-connected audio devices, including volume control, playback state, and device grouping.\n- [PROMPT_INJECTION]: The skill ingests data from external BluOS devices through discovery and status commands, representing a potential surface for indirect prompt injection.\n
- Ingestion points: Device information and status metadata retrieved via 'blu devices' and 'blu status' in SKILL.md.\n
- Boundary markers: Not present.\n
- Capability inventory: Local command execution via the 'blu' binary for device management.\n
- Sanitization: No explicit sanitization or filtering of strings returned by hardware devices is documented.
Audit Metadata