arkcli-plans

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and executes shell commands for the 'arkcli' binary using user-supplied parameters such as usernames, seat IDs, and plan durations. This functionality is present in 'plans buy', 'plans renew', and 'plans team seat-assign' commands.
  • [DATA_EXPOSURE]: The skill accesses local configuration files belonging to various AI agents (e.g., '/.claude.json', '/.trae/mcp.json', '~/.codex/config.toml') to verify installation status. It also handles raw API keys in plain text within the tool's output when performing key rotation or seat assignment tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting untrusted data (usernames and seat IDs) from the user for identity lookups and seat management operations.
  • Ingestion points: User-provided 'username' and 'seat-id' inputs in 'arkcli iam userid' and 'arkcli plans team seat-assign'.
  • Capability inventory: Execution of 'arkcli' subprocesses for resource management and identity lookups.
  • Sanitization: No explicit input sanitization or validation is described in the instructions.
  • Boundary markers: No specific delimiters or safety instructions are provided to isolate untrusted data from the command context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 08:30 AM
Security Audit — agent-trust-hub — arkcli-plans