skills/hagicode-org/cli/hagi/Gen Agent Trust Hub

hagi

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands using 'npx', 'npm', and 'node' for CLI operations and local development. These actions are aligned with the skill's primary purpose of maintaining and using the HagiCode toolset.
  • [EXTERNAL_DOWNLOADS]: The instructions utilize 'npx' to download and run the '@hagicode/cli' package from the npm registry. As this package is a resource from the skill's authoring organization, it is considered a legitimate vendor-provided component.
  • [DATA_EXFILTRATION]: The skill manages authentication via the 'HAGI_API_TOKEN' environment variable and communicates with the 'HAGI_API_BASE_URL'. This data transfer is inherent to the functionality of the CLI and does not indicate unauthorized exfiltration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it requires the agent to interpret and act upon data from external API responses (e.g., 'proposal list') or user-provided files (e.g., 'annotations.json').
    • Ingestion points: API responses and JSON files used by the proposal, chat, and autotask command families.
    • Boundary markers: The skill does not define explicit delimiters or instructions to prevent the agent from obeying commands hidden within the external data.
    • Capability inventory: The agent has shell execution capabilities via 'npx' and 'npm' for development and package tasks.
    • Sanitization: No explicit validation or sanitization requirements are provided for content retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 01:27 AM