cli-anything-anygen
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [SAFE]: The skill's instructions and metadata are consistent with its stated purpose as a CLI tool for an OpenAPI service. No attempts to bypass safety filters, override agent instructions, or establish persistence were identified.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'cli-anything-anygen' Python package. This package is the primary component of the tool and aligns with the vendor resource naming patterns for the author 'HKUDS'.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes natural language prompts for generation tasks.
  - Ingestion points: Prompt inputs for the 'task create' and 'task prepare' commands in SKILL.md.
  - Boundary markers: Documentation does not specify delimiters for user-provided prompts.
  - Capability inventory: The CLI has capabilities for file upload/download and configuration management.
  - Sanitization: No sanitization methods are explicitly detailed in the documentation.
- [DATA_EXFILTRATION]: The CLI includes commands for API key configuration and file management (uploading reference files and downloading results). These are documented, standard features for an API-integrated CLI and do not represent unauthorized exfiltration.
Audit Metadata