cli-anything
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). High: the required runtime workflow can fetch and ingest outsider-authored free text from public CLI-Hub registry sources (e.g.,
cli-hub search/info/installreadingpublic_registry.jsonand any fetched package/metadata) and/or from GitHub repos when running/cli-anything <path-or-repo>, which the generator then reads as prose/code to produce harness content for the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes explicit runtime install/exec commands that fetch and run remote code (e.g., "git clone https://github.com/HKUDS/CLI-Anything.git && bash CLI-Anything/codex-skill/scripts/install.sh", "npx skills add HKUDS/CLI-Anything --skill cli-hub-meta-skill", and "pip install cli-anything-hub"), which will download external content that is executed or registers agent-facing meta-skills and thus can directly affect agent prompts/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata