cli-to-skill

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to probe local CLI capabilities. Specifically, it calls for running <cli> --version, <cli> --help, which <cli>, and ls ~/.<cli>/ to identify tool locations, versions, and configuration files.
  • [COMMAND_EXECUTION]: The skill performs sensitive data access by running env | grep -i <CLI_PREFIX>, which exposes environment variables associated with the target CLI to the agent's context. While intended for identifying authentication and configuration flags, this can inadvertently expose secrets if they are stored in environment variables.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it ingests and processes untrusted output from external CLI help documentation and help commands.
      • Ingestion points: Data enters the agent context via the output of <cli> --help, <cli> help, and configuration file listings (SKILL.md).
      • Boundary markers: The instructions mandate the use of Markdown structure and code blocks for the generated output, though no specific delimiters are enforced for the input data itself.
      • Capability inventory: The skill possesses shell execution capabilities for diagnostic probing and file system write capabilities to save the generated SKILL.md to skills/ or ~/.claude/skills/ paths.
      • Sanitization: There is no explicit requirement for the agent to sanitize or filter the content of the CLI help output before incorporating it into the final document.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:26 AM