company-deep-dive
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from web searches and extractions, which is interpolated into prompts for the main agent and sub-agents. This creates a surface for indirect prompt injection.\n
- Ingestion points: Search results and extracted page content from the
nimbleCLI.\n - Boundary markers: None identified in the prompt templates.\n
- Capability inventory: The skill uses
Bashfor shell operations and theAgenttool withbypassPermissionsfor sub-task execution.\n - Sanitization: Content is used directly as returned by the web data API without specific sanitization filters.\n- [EXTERNAL_DOWNLOADS]: Onboarding instructions require installing the
@nimbleway/clipackage vianpm, which is the official CLI tool provided by the vendor.\n- [COMMAND_EXECUTION]: The skill usesBashto invoke thenimbleCLI, manage a local file-based memory system in~/.nimble/, and perform date arithmetic.
Audit Metadata