paragraph-cli
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the official @paragraph-com/cli and @paragraph-com/mcp packages from the npm registry, which are controlled by the platform vendor.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands, including the paragraph CLI and standard utilities like jq, cat, and echo, to perform publication management tasks and interact with the local file system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes content from the Paragraph platform that could contain malicious instructions.
- Ingestion points: Untrusted data enters the agent context through CLI commands like paragraph post get, paragraph search post, and paragraph subscriber list as specified in SKILL.md.
- Boundary markers: No boundary markers or instructions to ignore embedded commands in fetched data are present in the skill instructions.
- Capability inventory: The skill has access to the Bash tool for CLI execution and the Read tool for local file access.
- Sanitization: There is no evidence of sanitization or validation of the retrieved content before it is processed by the agent.
Audit Metadata