onyx-cli
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's setup instructions include a command to move the compiled binary using administrative privileges: sudo mv onyx-cli /usr/local/bin/. This represents a privilege escalation vector involving system-level file modification.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the onyx-cli tool via the Python Package Index and to build from source using the vendor's GitHub repository at github.com/onyx-dot-app/onyx/cli. These resources are provided by the official vendor.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from external company sources.
  - Ingestion points: Results from the onyx-cli ask command, which pulls data from connected sources like Confluence, Slack, and Google Drive.
  - Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from being influenced by instructions embedded within the retrieved document content.
  - Capability inventory: The agent is instructed on how to execute CLI commands using the onyx-cli tool.
  - Sanitization: There is no evidence of sanitization or filtering applied to the retrieved knowledge base data before it is presented to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata