cli-anything-web-yu-pri

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs its core logic directly from the author's GitHub repository (HKUDS/CLI-Anything) using pip.
  • [EXTERNAL_DOWNLOADS]: Triggers the download and installation of the Chromium browser binary via the Playwright library to support web automation.
  • [COMMAND_EXECUTION]: The skill utilizes a custom CLI tool to drive a browser, permitting operations such as logging in, taking page snapshots, and filling shipping forms.
  • [PROMPT_INJECTION]: The skill processes external data files (JSON and CSV) to populate web forms. This ingestion of untrusted data represents a surface for indirect prompt injection, although the skill's instructions establish clear safety rules for manual login and dry-run validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:09 AM
Security Audit — agent-trust-hub — cli-anything-web-yu-pri