cli-anything

Warn

Audited by Snyk on Jun 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). High: the required runtime workflow can fetch and ingest outsider-authored free text from public CLI-Hub registry sources (e.g., cli-hub search/info/install reading public_registry.json and any fetched package/metadata) and/or from GitHub repos when running /cli-anything <path-or-repo>, which the generator then reads as prose/code to produce harness content for the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes explicit runtime install/exec commands that fetch and run remote code (e.g., "git clone https://github.com/HKUDS/CLI-Anything.git && bash CLI-Anything/codex-skill/scripts/install.sh", "npx skills add HKUDS/CLI-Anything --skill cli-hub-meta-skill", and "pip install cli-anything-hub"), which will download external content that is executed or registers agent-facing meta-skills and thus can directly affect agent prompts/behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 04:57 AM
Issues
2
Security Audit — snyk — cli-anything