cli-anything

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches tool configurations and meta-skill definitions from the HKUDS GitHub organization and uses standard package managers to install dependencies.
  • [REMOTE_CODE_EXECUTION]: The provided installation script suggests a command string for installing the uv package manager via a piped shell script from the well-known astral.sh domain if it is missing. This is a standard installation pattern for this well-known service.
  • [COMMAND_EXECUTION]: Employs shell commands to manage Python virtual environments and install packages via pip or uv. It also executes generated CLI tools and their associated test suites as part of the harness validation workflow.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests external repository data to generate CLI wrappers.
  • Ingestion points: Local source code paths or remote GitHub repository URLs passed to the /cli-anything command.
  • Boundary markers: None explicitly enforced in the prompt instructions.
  • Capability inventory: File system write access (for generating harnesses and SKILL.md files), subprocess execution for testing, and network access for package retrieval.
  • Sanitization: The skill mitigates risks through a 7-phase generation pipeline that includes automated validation and testing phases to ensure generated code follows strict methodology standards.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 05:45 AM
Security Audit — agent-trust-hub — cli-anything