ollygarden-cli

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an installation command in SKILL.md that pipes a script from https://raw.githubusercontent.com/ollygarden/ollygarden-cli/main/install.sh to a shell.
  • [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the vendor's GitHub repository as documented in SKILL.md.
  • [COMMAND_EXECUTION]: The skill involves executing shell commands using the ollygarden CLI and jq for data processing, as seen in SKILL.md and references/recipes.md.
  • [DATA_EXFILTRATION]: The skill manages sensitive API tokens and accesses the local configuration file at os.UserConfigDir()/ollygarden/config.yaml as described in SKILL.md.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through its processing of external API data.
    1. Ingestion points: API data from insights list and insights summary in SKILL.md.
    2. Boundary markers: No delimiters or isolation markers are used to wrap external content.
    3. Capability inventory: Shell execution capabilities using the CLI and jq across SKILL.md and references/recipes.md.
    4. Sanitization: API-provided content is not sanitized before being processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ollygarden/ollygarden-cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 18, 2026, 09:14 AM
Security Audit — agent-trust-hub — ollygarden-cli