cli-reference
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Documents the installation of the @evenrealities/evenhub-cli package via the npm registry. This is a vendor-controlled resource intended for project development.
- [COMMAND_EXECUTION]: Provides a comprehensive reference for CLI commands including 'login' for account authentication, 'init' for manifest generation, 'qr' for development server access, and 'pack' for distribution packaging.
- [PROMPT_INJECTION]: The skill ingests untrusted user input via the $ARGUMENTS placeholder in the SKILL.md file, creating a vulnerability surface for indirect prompt injection.
- Ingestion points: The $ARGUMENTS variable receives data from the user or external context.
- Boundary markers: There are no delimiters or instructional markers used to isolate the untrusted input from the agent's core instructions.
- Capability inventory: The skill is granted access to several powerful tools, including Bash, Write, and Edit, which could be misused if the input is malicious.
- Sanitization: No validation, filtering, or escaping is applied to the input before it is processed by the agent.
Audit Metadata