photon-cli

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @photon-ai/cli package from the public NPM registry using bun or npm. This is a vendor-owned resource required for the skill's functionality.
  • [COMMAND_EXECUTION]: The agent is instructed to execute shell commands using the photon (alias pho) binary to perform project management, billing operations, and resource configuration. It also utilizes jq for processing command output.
  • [CREDENTIALS_UNSAFE]: The skill workflow involves managing sensitive authentication tokens and Spectrum API secrets. Credentials are stored in ~/.config/photon/, and the agent is instructed to capture and store secrets generated during project setup or rotation.
  • [PROMPT_INJECTION]: The skill contains directives that push for high autonomy, instructing the agent to 'drive the whole thing' and bypass typical confirmation loops for setup tasks, framing standard confirmation as 'disobeying' user intent.
  • [COMMAND_EXECUTION]: The skill exposes an indirect prompt injection surface by interpolating user-controlled data (such as project names, email addresses, and phone numbers) into shell command arguments without specified sanitization or boundary markers.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 08:36 AM