cbi-script
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local environment by executing cbi CLI commands. These commands are used to manage project scripts, including creating tasks, fetching content, and saving updates. This behavior is consistent with the skill's stated purpose of providing an interface to the vendor's platform.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing data from external scripts.
- Ingestion points: Script content fetched via 'cbi project script-get' (SKILL.md).
- Boundary markers: None identified in instructions.
- Capability inventory: Shell command execution via 'cbi' CLI (SKILL.md).
- Sanitization: No explicit sanitization or validation of the retrieved script content is described.
Audit Metadata