finance-cli
Fail
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions for the agent to install the
finance-clitool by executing a script directly from a remote URL viacurl -fsSL https://raw.githubusercontent.com/kelvin6365/finance-cli/main/install.sh | bash. This represents unverified remote code execution from a third-party source. - [COMMAND_EXECUTION]: The installation workflow in
references/install.mdguides the agent to perform environment persistence by modifying shell configuration files (~/.zshrcor~/.bashrc). It also instructs the agent to usesudofor installation to system-protected directories like/usr/local/binif permissions are insufficient. - [EXTERNAL_DOWNLOADS]: The skill recommends installing software from unverified third-party sources using commands like
bun add -g github:kelvin6365/finance-cliandnpx skills add kelvin6365/finance-cli-skill. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its dependency on external CLI data.
- Ingestion points: Data returned from
finance schema,finance status, and transaction listings. - Boundary markers: The instructions lack delimiters or specific warnings to ignore instructions embedded in the processed financial data.
- Capability inventory: The agent has extensive capabilities, including executing shell commands, installing scripts, and writing to files.
- Sanitization: No input validation or output sanitization of the CLI results is specified in the skill body.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/kelvin6365/finance-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata