arkcli-plans
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands for the 'arkcli' binary using user-supplied parameters such as usernames, seat IDs, and plan durations. This functionality is present in 'plans buy', 'plans renew', and 'plans team seat-assign' commands.
- [DATA_EXPOSURE]: The skill accesses local configuration files belonging to various AI agents (e.g., '
/.claude.json', '/.trae/mcp.json', '~/.codex/config.toml') to verify installation status. It also handles raw API keys in plain text within the tool's output when performing key rotation or seat assignment tasks. - [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting untrusted data (usernames and seat IDs) from the user for identity lookups and seat management operations.
- Ingestion points: User-provided 'username' and 'seat-id' inputs in 'arkcli iam userid' and 'arkcli plans team seat-assign'.
- Capability inventory: Execution of 'arkcli' subprocesses for resource management and identity lookups.
- Sanitization: No explicit input sanitization or validation is described in the instructions.
- Boundary markers: No specific delimiters or safety instructions are provided to isolate untrusted data from the command context.
Audit Metadata