emdash-cli
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands using the
emdashCLI (and its aliasec) vianpx. This includes operations for content CRUD, schema management, and media uploads. - [EXTERNAL_DOWNLOADS]: The skill relies on
npxto fetch and run theemdashpackage from the npm registry. This package is the official management tool provided by the skill author (emdash-cms). - [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication data, such as API tokens and service headers. It utilizes environment variables (
EMDASH_TOKEN,EMDASH_HEADERS) and interacts with stored credentials located in a configuration file at~/.config/emdash/auth.json. This behavior is characteristic of the CLI tool maintaining session state. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface related to data processing.
- Ingestion points: Content is ingested into the agent context from remote CMS instances through the
npx emdash content getandnpx emdash content listcommands. - Boundary markers: The skill documentation does not provide specific boundary markers or instructions to the agent to disregard potential commands found within the CMS content.
- Capability inventory: The agent has access to powerful capabilities, including schema deletion (
npx emdash schema delete), content modification, and media management, which could be targeted by instructions embedded in CMS data. - Sanitization: While the CLI converts Portable Text (JSON) to Markdown for easier reading by the agent, it does not explicitly sanitize the resulting text for embedded instructions.
Audit Metadata