cli-anything

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the 'cli-anything-hub' package from the standard PyPI registry and uses 'npx' to fetch components from the HKUDS/CLI-Anything repository on GitHub. These references target well-known organizations and official project repositories.
  • [COMMAND_EXECUTION]: The installer script executes shell commands to set up the environment, including 'pip' or 'uv' installations with flags to manage system-wide package restrictions. It also uses 'npx' for autonomous discovery and installation of agent components.
  • [REMOTE_CODE_EXECUTION]: The skill's installation script contains a print statement suggesting the official installation command for the 'uv' package manager (piping from astral.sh to sh) as a troubleshooting step for users.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to analyze and process untrusted external data (local source code or GitHub repositories) to generate executable code.
  • Ingestion points: Processes source code and remote repositories provided via the '/cli-anything' command.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the processing logic provided.
  • Capability inventory: The skill is granted extensive capabilities including 'Bash', 'Write', 'Edit', and 'WebFetch' across multiple platforms.
  • Sanitization: No evidence of sanitization or validation of the ingested source code is present in the provided shell scripts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — cli-anything