miles
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official vendor API at `api.bymiles.ai` to relay conversation messages, retrieve site status, and generate design directions. These network operations are necessary for the website building functionality provided by the service.
- [COMMAND_EXECUTION]: The skill executes a bundled Node.js CLI (`miles-cli.mjs`) and shell scripts to manage the design workflow. It includes hooks for initializing script permissions and checking authentication. Additionally, the CLI utilizes system utilities such as `open`, `start`, or `xdg-open` to launch the Miles dashboard in the user's default web browser.
- [PROMPT_INJECTION]: The skill ingests data from the remote Miles API, which is then delivered to the agent's context. This constitutes an indirect prompt injection surface.
  - Ingestion points: Responses from the `api.bymiles.ai` service are retrieved by `scripts/miles-cli.mjs` and presented via stdout and a `PostToolUse` hook.
  - Boundary markers: The CLI output uses structured bracketed tags (e.g., `[question: ...]`, `[phase: ...]`, `[site_ready: true]`) to distinguish system status from conversational content.
  - Capability inventory: The skill has the ability to write to the local file system (specifically `~/.miles`) and execute shell commands through the provided CLI launcher.
  - Sanitization: The CLI script performs basic parsing of the JSON API responses and formats the output for the agent.
- [SAFE]: The skill follows established security practices for CLI applications by storing authentication tokens and session data in a dedicated hidden directory (`~/.miles`) within the user's home folder. The use of `chmod +x` in initialization hooks is limited to the skill's own bundled scripts.
Audit Metadata