facilioo-agent-cli
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to install global CLI tools (
npm install -g @codecell-germany/facilioo-agent-skill) and perform environment initialization (facilioo-agent-skill install --force). - [EXTERNAL_DOWNLOADS]: Downloads the agent CLI package from the public NPM registry.
- [DATA_EXFILTRATION]: The skill manages sensitive authentication data and provides commands to export session environment variables to a local file (
~/.config/facilioo-agent-cli/session.env). It also interacts with PII, including owner names and contracts, though it contains explicit instructions for redaction. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) due to its data processing workflows.
- Ingestion points: The skill reads untrusted external data from meeting transcripts (
transcript.txt) and protocol files (final-protocol.txt) found in the local environment. - Boundary markers: Instructions suggest using redacted output and preview modes, though explicit delimiters for external content are not mandated in the prompts.
- Capability inventory: The CLI tool possesses broad capabilities to create, modify, and delete processes, work orders, and documents on the Facilioo platform.
- Sanitization: The skill relies on built-in CLI redaction logic and requires mandatory human-in-the-loop confirmation flags (
--confirm-write,--confirm-delete) for all mutation operations.
Audit Metadata