apitally-cli
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the 'npx @apitally/cli' pattern to interact with the Apitally API and manage a local DuckDB database. It also executes SQL queries against the local database.- [EXTERNAL_DOWNLOADS]: The skill uses 'npx' to download and execute the '@apitally/cli' package from the NPM registry at runtime. As the package originates from the vendor 'apitally', this is documented as a standard functional requirement.- [PROMPT_INJECTION]: The skill processes API request logs, headers, and payloads, which are untrusted external data sources, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through 'request-logs' and 'request-details' command outputs and DuckDB storage.
- Boundary markers: None identified in the instruction text to delimit external content.
- Capability inventory: Subprocess execution via 'npx' and SQL execution capabilities.
- Sanitization: No explicit sanitization or validation of the log content is described in the skill.
Audit Metadata