cli-scripting
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's reference materials and example scripts recommend the use of numerous well-known third-party libraries for automation, such as
psutil,requests,paramiko,fabric, andpandasfor Python, andchalk,ora,execa, andzxfor Node.js. These are standard, reputable packages in their respective development ecosystems. - [COMMAND_EXECUTION]: The skill provides numerous utility scripts for system administration tasks like reporting, log analysis, and infrastructure provisioning. These scripts utilize standard CLI tools (
aws,az,kubectl,curl) as intended for their administrative and educational purpose. - [DYNAMIC_EXECUTION]: The
powershell/scripts/03-file-processor.ps1script demonstrates the use of[scriptblock]::Create()to evaluate filter expressions. While this is a common technique for providing flexible query functionality in PowerShell, it represents a pattern where user-provided strings are executed as code within the environment. - [INDIRECT_PROMPT_INJECTION]: Several scripts in the collection are designed to ingest and process external data files (logs, CSV, JSON), which is a common pattern that nonetheless creates a potential attack surface.
- Ingestion points: File reading operations in
03-csv-processor.py,02-log-analyzer.sh, and03-file-processor.ps1. - Boundary markers: The example scripts do not implement explicit delimiters or warnings to ignore instructions that might be embedded within the data files.
- Capability inventory: The skill includes capabilities for file system modification, network requests (in API client examples), and subprocess execution.
- Sanitization: The provided examples focus on functional parsing and do not include robust sanitization for adversarial content within the data files.
Audit Metadata