cli-anything
Fail
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the 'cli-anything-hub' package from the standard PyPI registry and uses 'npx' to fetch components from the HKUDS/CLI-Anything repository on GitHub. These references target well-known organizations and official project repositories.
- [COMMAND_EXECUTION]: The installer script executes shell commands to set up the environment, including 'pip' or 'uv' installations with flags to manage system-wide package restrictions. It also uses 'npx' for autonomous discovery and installation of agent components.
- [REMOTE_CODE_EXECUTION]: The skill's installation script contains a print statement suggesting the official installation command for the 'uv' package manager (piping from astral.sh to sh) as a troubleshooting step for users.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to analyze and process untrusted external data (local source code or GitHub repositories) to generate executable code.
- Ingestion points: Processes source code and remote repositories provided via the '/cli-anything' command.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the processing logic provided.
- Capability inventory: The skill is granted extensive capabilities including 'Bash', 'Write', 'Edit', and 'WebFetch' across multiple platforms.
- Sanitization: No evidence of sanitization or validation of the ingested source code is present in the provided shell scripts.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata