Skills
skills/hkuds/cli-anything/cli-anything-ollama/Gen Agent Trust Hub

cli-anything-ollama

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions specify installing the 'cli-anything-ollama' package from PyPI. This package originates from the skill's author (HKUDS) and is a standard dependency for the tool's functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it is designed to ingest and process untrusted user data for LLM inference.
  • Ingestion points: Untrusted data enters the agent context through the --prompt, --message, and --file arguments as documented in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' markers when interpolating untrusted content.
  • Capability inventory: The skill can perform network operations (connecting to Ollama REST APIs) and read local system files via the --file parameter.
  • Sanitization: There is no evidence of input sanitization, validation, or escaping of the content provided through CLI arguments or external files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:01 PM