yao-geoflow-cli
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
bin/geoflow,php, anddocker composeto interact with the GEOFlow system. Additionally, thescripts/geoflow_preflight.shscript generates and executes dynamic Python code via heredocs to perform JSON validation and text excerpting.\n- [DATA_EXFILTRATION]: The skill usescurlto transmit data, including task configurations and article content, to a user-configuredGEOFLOW_BASE_URL. While this is functional, it involves sending local data to a remote endpoint.\n- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication data such asGEOFLOW_API_TOKENand user passwords. Although the documentation provides guidance to avoid exposing these tokens in summaries, they are actively handled within the environment and local configuration files.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted local data from files liketask.jsonandarticle.md.\n - Ingestion points:
task.jsonandarticle.md(specified inSKILL.mdandreferences/command-map.md).\n - Boundary markers: Absent; the skill does not wrap file content in delimiters or include instructions to ignore embedded commands.\n
- Capability inventory: The agent can execute shell commands (
bin/geoflow,php) and perform network operations (curl).\n - Sanitization: No sanitization or validation of the file content is performed before it is passed to commands or API requests.
Audit Metadata