appwrite-cli
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents an installation command that pipes a script from the official vendor domain (appwrite.io) directly into the shell. This is an expected and standard installation pattern for this specific vendor's tooling.\n- [EXTERNAL_DOWNLOADS]: Fetches installation scripts, configuration files, and SDK components from official vendor-controlled domains (appwrite.io) and the vendor's GitHub organization (github.com/appwrite). All downloads are legitimate resources required for the operation of the Appwrite CLI.\n- [COMMAND_EXECUTION]: Facilitates the use of the Appwrite CLI for administrative tasks, including resource deployment and project management. These capabilities are appropriate for a CLI management skill.\n- [PROMPT_INJECTION]: Indirect attack surface identified where untrusted data could be interpolated into CLI commands (e.g., via --data or --body flags). This represents a standard vulnerability surface common to data-processing tools.\n
- Ingestion points: CLI commands such as 'appwrite tables-db create-row' and 'appwrite functions create-execution' process external input via command-line arguments.\n
- Boundary markers: The provided examples do not use specific delimiters or instructions to prevent the agent from obeying instructions embedded in the processed data.\n
- Capability inventory: The skill allows the agent to execute shell commands, perform network operations to the Appwrite API, and modify remote database/function state.\n
- Sanitization: No explicit sanitization or validation of the data flags is mentioned in the skill instructions.
Audit Metadata