boxyard-cli
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous command-line examples for the
boxyardCLI. It explicitly categorizes commands into 'read-only' (safe to run without confirmation) and state-modifying (requires user confirmation), which is a security best practice for agent instructions. - [EXTERNAL_DOWNLOADS]: The skill documents the
boxyard new --git-clonecommand, which allows the agent to download content from remote Git repositories. This is a standard feature of the tool and is documented transparently. - [DATA_EXFILTRATION]: While the skill facilitates network operations through synchronization (via rclone), this is the primary intended purpose of the tool. The skill documents the location of the rclone configuration file (
boxyard_rclone.conf), which may contain sensitive credentials, but it does not instruct the agent to disclose or exfiltrate the contents of this file.
Audit Metadata