oclif-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Data Exposure & Exfiltration (LOW): The command-async.ts template implements network requests via fetch() using URLs provided through CLI flags. This represents a network operation to non-whitelisted domains, which is a standard feature for this use case but classified as a low-level risk.
- Indirect Prompt Injection (LOW): The skill provides patterns for processing external input that could contain malicious instructions. Mandatory Evidence Chain:
  1. Ingestion points: Input file argument in templates/command-advanced.ts and urls flag in templates/command-async.ts.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill templates include file system read/write access (fs-extra) and network operations (fetch).
  4. Sanitization: Relies on standard oclif flag parsing without specific content sanitization.
- Command Execution (SAFE): Included bash scripts (scripts/create-command.sh, scripts/create-plugin.sh, etc.) are used for scaffolding and validation. They perform standard file operations such as mkdir, cp, and sed on local template files and do not execute untrusted remote code.
- Prompt Injection (SAFE): No instructions designed to bypass agent safety filters or override core behavioral guidelines were detected in the skill metadata or template comments.
Audit Metadata