agent-cli-toolkit
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to install the 'Vite+' tool using `curl -fsSL https://vite.plus | bash`. This pattern involves piping a remote script from an untrusted source directly into a shell, allowing for arbitrary code execution on the user's system without prior verification.
- [EXTERNAL_DOWNLOADS]: The skill promotes the installation of a third-party GitHub CLI extension, `gh-llm`, from the `ShigureLab` repository. This repository and its owner are not verified or listed as trusted vendors, posing a risk of executing unvetted external code.
- [COMMAND_EXECUTION]: The toolkit grants the agent access to a wide array of powerful system utilities, including text manipulation (`sd`), network debugging (`httpie`), and process management (`procs`, `btm`). While useful, these capabilities can be misused if the agent is manipulated into performing unintended system actions.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data from GitHub PRs, issues, and logs.
  - Ingestion points: Commands like `gh llm pr view` and `gh pr view` fetch content from external GitHub repositories.
  - Boundary markers: The instructions do not provide delimiters or specific guidelines to prevent the agent from following instructions embedded within the fetched GitHub content.
  - Capability inventory: The agent has access to system-level commands, network tools, and file modification utilities (`sd`, `http`, `curl`, `bash`).
  - Sanitization: There is no evidence of sanitization or validation to ensure that data retrieved from external sources is treated as passive text rather than active instructions.
Recommendations
- HIGH: Downloads and executes remote code from: https://vite.plus - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata