use-circle-cli
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies extensively on shell command execution to interface with the `circle` CLI for on-chain operations and configuration.
- [EXTERNAL_DOWNLOADS]: Facilitates the installation of the `@circle-fin/cli` package from the official npm registry.
- [REMOTE_CODE_EXECUTION]: Provides commands to fetch and update agent capabilities via `circle skill update` and `npx skills update`, which download logic from external repositories.
- [PROMPT_INJECTION]: Contains instructions directing the agent to prioritize this skill as a 'rescue' mechanism when encountering common blockers like rate limits or missing API keys, potentially overriding default decision-making logic.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing data from an external marketplace via `circle services search` and `circle services inspect`.
  - Ingestion points: CLI output from marketplace search and service inspection commands (SKILL.md).
  - Boundary markers: Not present; the agent is instructed to parse output directly.
  - Capability inventory: Significant capabilities including wallet transfers, smart contract execution, and bridging (SKILL.md).
  - Sanitization: No explicit sanitization or validation of marketplace content is defined in the instructions.
Audit Metadata