cli-anything
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches tool configurations and meta-skill definitions from the HKUDS GitHub organization and uses standard package managers to install dependencies.
- [REMOTE_CODE_EXECUTION]: The provided installation script suggests a command string for installing the
uvpackage manager via a piped shell script from the well-knownastral.shdomain if it is missing. This is a standard installation pattern for this well-known service. - [COMMAND_EXECUTION]: Employs shell commands to manage Python virtual environments and install packages via
piporuv. It also executes generated CLI tools and their associated test suites as part of the harness validation workflow. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests external repository data to generate CLI wrappers.
- Ingestion points: Local source code paths or remote GitHub repository URLs passed to the
/cli-anythingcommand. - Boundary markers: None explicitly enforced in the prompt instructions.
- Capability inventory: File system write access (for generating harnesses and
SKILL.mdfiles), subprocess execution for testing, and network access for package retrieval. - Sanitization: The skill mitigates risks through a 7-phase generation pipeline that includes automated validation and testing phases to ensure generated code follows strict methodology standards.
Audit Metadata