agent-ready-cli
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill instructions direct the agent to retrieve the
AGENT_READY_API_KEYby searching local.envfiles using shell commands likegrep. While this is a common developer workflow for managing secrets,.envfiles are sensitive locations that may contain other credentials. - [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill uses
npmandnpxto install and run theagent-ready-scannerpackage from the official NPM registry. These are well-known services used for distributing the vendor's legitimate scanning tools. - [INDIRECT_PROMPT_INJECTION]: The skill scans external URLs which could contain malicious instructions targeting the AI agent when it processes the resulting scan summary.
- Ingestion points: Site scanning via the
agent-ready scan <URL>command described inSKILL.md. - Boundary markers: Absent; the instructions do not provide specific delimiters to separate external site content from agent instructions.
- Capability inventory: The skill can execute shell commands, install software via package managers, and read local configuration files.
- Sanitization: No explicit sanitization or filtering of external site content is described in the skill workflow.
Audit Metadata