photon-cli
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @photon-ai/cli package from the public NPM registry using bun or npm. This is a vendor-owned resource required for the skill's functionality.
- [COMMAND_EXECUTION]: The agent is instructed to execute shell commands using the photon (alias pho) binary to perform project management, billing operations, and resource configuration. It also utilizes jq for processing command output.
- [CREDENTIALS_UNSAFE]: The skill workflow involves managing sensitive authentication tokens and Spectrum API secrets. Credentials are stored in ~/.config/photon/, and the agent is instructed to capture and store secrets generated during project setup or rotation.
- [PROMPT_INJECTION]: The skill contains directives that push for high autonomy, instructing the agent to 'drive the whole thing' and bypass typical confirmation loops for setup tasks, framing standard confirmation as 'disobeying' user intent.
- [COMMAND_EXECUTION]: The skill exposes an indirect prompt injection surface by interpolating user-controlled data (such as project names, email addresses, and phone numbers) into shell command arguments without specified sanitization or boundary markers.
Audit Metadata