cli-anything-hermes

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is instructed to clone or download resources from the HKUDS repository (https://github.com/HKUDS/CLI-Anything) when local files are unavailable.
  • [COMMAND_EXECUTION]: The skill utilizes high-privilege tools including a terminal for running shell commands, installing packages, and executing CLI tools. Specifically, it uses 'pip install -e .' to install generated harnesses and 'subprocess' to run tests on the resulting software.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the generation, writing, and subsequent execution of Python code (Click CLIs, backend modules, and tests) through the 'execute_code' tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests untrusted data from local source paths or GitHub repository URLs.
  • Ingestion points: Target software source repositories and local directories (SKILL.md).
  • Boundary markers: None specified for isolating external instructions from the agent's core task.
  • Capability inventory: Access to terminal, execute_code, write_file, and patch tools across its workflow.
  • Sanitization: The instructions do not specify validation or sanitization of the architectural analysis or data model extracted from the untrusted source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:09 AM
Security Audit — agent-trust-hub — cli-anything-hermes