indices
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill installs the Indices CLI by executing a script from 'https://indices.io/install.sh' via a pipe to bash. This is the official installation method for the tool provided by the vendor.
- [COMMAND_EXECUTION]: The skill modifies shell configuration files (e.g., .bashrc, .zshrc) to persistently add '~/.local/bin' to the system PATH, ensuring the installed CLI tool is globally accessible.
- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and components from the vendor domain 'indices.io' and the NPM registry via 'npx'.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes content from external websites through the indices CLI.
- Ingestion points: External websites provided via the '--website' flag in 'indices tasks create' and JSON arguments in 'indices runs create'.
- Boundary markers: Absent; no explicit delimiters or 'ignore instructions' warnings are provided in the command templates.
- Capability inventory: The 'indices' CLI is capable of performing browser-level actions such as scraping, form submission, and navigation.
- Sanitization: No sanitization of the external website content or argument data is described before processing.
Audit Metadata