iot-fleet
Warn
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch the @claude-flow/plugin-iot-cognitum package from the npm registry at runtime.
- [REMOTE_CODE_EXECUTION]: By using npx -y -p @claude-flow/plugin-iot-cognitum@latest, the skill executes code from an external source. The use of the @latest tag means the code is not version-locked and can be modified by the package owner at any time.
- [COMMAND_EXECUTION]: The skill's primary functionality is implemented through bash commands executed using the npx tool.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. 1. Ingestion points: NAME, FLEET_ID, and DEVICE_ID arguments used in the subcommand templates. 2. Boundary markers: No delimiters or instructions are used to distinguish untrusted user data from the command. 3. Capability inventory: The skill utilizes the Bash tool with the ability to execute network-downloaded code via npx. 4. Sanitization: There is no evidence of input validation, escaping, or sanitization of the arguments before they are passed to the shell.
Audit Metadata