sevdesk-agent-cli

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @codecell-germany/sevdesk-agent-skill package from the NPM registry during its bootstrap process.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to download and execute an installation script and the main CLI tool from a remote package registry.
  • [COMMAND_EXECUTION]: Core functionality relies on the execution of shell commands through the installed sevdesk-agent binary.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it retrieves untrusted data from external Sevdesk API endpoints and presents it to the agent.
    • Ingestion points: API responses from read operations (e.g., contact names, invoice positions).
    • Boundary markers: None described in the prompt template or instructions to delimit API data from agent instructions.
    • Capability inventory: Shell execution via the CLI tool and file writing via the --decode-pdf flag.
    • Sanitization: Not present; while the skill mentions data normalization for API quirks, it does not specify sanitization or filtering for instruction injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 10:57 AM