cli-anything-tigris

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the official Tigris CLI from NPM (@tigrisdata/cli) and the Tigris Homebrew tap. It also installs the author's Python package cli-anything-tigris from PyPI.
  • [COMMAND_EXECUTION]: Shells out to the tigris binary (aliased as t3) to perform storage operations, including bucket deletion, object uploads, and credential rotation.
  • [COMMAND_EXECUTION]: The skill possesses a surface for indirect prompt injection by processing external data.
  • Ingestion points: Reads object listings and object content from Tigris buckets through the object list and object get subcommands.
  • Boundary markers: No delimiters or instructions to disregard embedded data are implemented when processing retrieved object content.
  • Capability inventory: The skill can execute shell commands, perform network operations to the Tigris service, and write objects to the local filesystem.
  • Sanitization: No validation or sanitization of retrieved object content or metadata is performed before outputting to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:09 AM
Security Audit — agent-trust-hub — cli-anything-tigris