halo
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the `@tnnevol/halo-cli` tool via `npx` to perform operations on the Halo CMS. User-provided input for article titles and Markdown content is passed as command-line arguments to the CLI tool.
- [EXTERNAL_DOWNLOADS]: The skill downloads the `@tnnevol/halo-cli` package from the npm registry. The setup documentation indicates that the tool may download platform-specific binaries during execution to handle API requests. These resources are associated with the skill author.
- [PROMPT_INJECTION]: The skill retrieves and displays post data from an external Halo CMS instance, creating a surface for indirect prompt injection. Malicious instructions contained within a blog post could potentially influence the agent when performing retrieval actions.
  - Ingestion points: Content retrieved from the Halo RESTful API and displayed in the agent context via the `get` and `list` actions.
  - Boundary markers: No explicit delimiters or instructions are used to separate external content from the agent's internal logic.
  - Capability inventory: The skill possesses the capability to execute shell commands using `npx` for all defined actions.
  - Sanitization: The skill's security guidelines mention that sensitive values within API responses are automatically sanitized.
Audit Metadata