cli-anything-hermes
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is instructed to clone or download resources from the HKUDS repository (https://github.com/HKUDS/CLI-Anything) when local files are unavailable.
- [COMMAND_EXECUTION]: The skill utilizes high-privilege tools including a terminal for running shell commands, installing packages, and executing CLI tools. Specifically, it uses 'pip install -e .' to install generated harnesses and 'subprocess' to run tests on the resulting software.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the generation, writing, and subsequent execution of Python code (Click CLIs, backend modules, and tests) through the 'execute_code' tool.
- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests untrusted data from local source paths or GitHub repository URLs.
- Ingestion points: Target software source repositories and local directories (SKILL.md).
- Boundary markers: None specified for isolating external instructions from the agent's core task.
- Capability inventory: Access to terminal, execute_code, write_file, and patch tools across its workflow.
- Sanitization: The instructions do not specify validation or sanitization of the architectural analysis or data model extracted from the untrusted source code.
Audit Metadata