hillclimb-cli
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation describes installing the CLI tool from GitHub Packages using 'npm install -g @workbench-ai/hillclimb-cli'.
- [EXTERNAL_DOWNLOADS]: The gepa search strategy uses the 'uv' package manager to download and execute specific Python packages at run time, including 'gepa==0.1.1' and 'litellm==1.82.6'.
- [COMMAND_EXECUTION]: Core functionality involves executing the 'hillclimb' CLI and its subcommands (init, validate, run, doctor, ui, etc.) on the local host.
- [COMMAND_EXECUTION]: The tool supports the execution of arbitrary, user-defined shell commands for agent preparation and evaluation steps as specified in the local '.hillclimb/config.yaml' file.
- [DATA_EXFILTRATION]: The skill manages sensitive API keys (e.g., 'OPENAI_API_KEY') through environment variable references and secret management strategies defined in the configuration.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it ingests and processes data from the local workspace, evaluator traces, and configuration files, and that data is then used to influence the agent's behavior during iterative loops.