cli-anything
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing software and harnesses from a third-party GitHub repository (github.com/nicholasgasior/cli-anything) which is not associated with a verified organization or well-known service.\n- [COMMAND_EXECUTION]: The skill provides instructions to install binaries directly to the system PATH and executes various powerful system utilities (e.g., imagemagick, pandoc, ffmpeg, csvkit, yt-dlp) to process files and data.\n- [PROMPT_INJECTION]: The architecture is vulnerable to indirect prompt injection by design, as it routes untrusted research findings and outputs to system-level CLI tools without explicit sanitization or safety boundary markers.\n
- Ingestion points: Research outputs and findings are processed via the artifact routing framework described in SKILL.md.\n
- Boundary markers: None present; inputs are passed directly to command-line arguments of various tools.\n
- Capability inventory: The skill utilizes subprocess execution for a wide range of tools (magick, ffmpeg, dot, pandoc) that can interact with the file system and network.\n
- Sanitization: No evidence of validation, escaping, or filtering of external content before interpolation into shell commands.
Audit Metadata