cli-auth

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill frequently instructs the agent to pass sensitive information as plain-text command-line flags. This practice can expose secrets in shell history, process listings, and system logs. Key instances include:
      • csdk auth set-token <token> (SKILL.md, references/auth.md)
      • csdk sign-in --input.password <String> (references/sign-in.md)
      • csdk set-password --input.currentPassword <String> --input.newPassword <String> (references/set-password.md)
      • csdk verify-totp --input.totpValue <String> (references/verify-totp.md)
      • csdk reset-password --input.newPassword <String> --input.resetToken <String> (references/reset-password.md)
  • [COMMAND_EXECUTION]: The skill operates by executing a custom CLI tool (csdk). This involves executing shell commands with potentially sensitive or user-controlled inputs, which requires strict validation to prevent command injection.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes data from an external API that could contain malicious instructions.
      • Ingestion points: CLI commands such as csdk user list, csdk audit-log list, and csdk email get ingest external data into the agent's context.
      • Boundary markers: The skill does not provide delimiters or instructions to ignore embedded commands within the retrieved data.
      • Capability inventory: The skill includes extensive write capabilities, including user management, password resets, and S3 bucket provisioning.
      • Sanitization: No sanitization or validation of the CLI tool's output is mentioned before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 02:16 AM
Security Audit — agent-trust-hub — cli-auth