skills/5dive-ai/skills/5dive-cli/Gen Agent Trust Hub

5dive-cli

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the sudo command to execute the 5dive CLI for administrative operations, including creating Linux users, managing systemd services, and interacting with tmux sessions. While these commands are targeted at a specific management utility, they represent high-privilege operations.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is designed to ingest data from external communication channels (Telegram and Discord) and pass that data as arguments to CLI commands. This creates an attack surface where malicious users could attempt to inject instructions or execute arbitrary commands via shell expansion (e.g., using backticks or command substitution) if the agent fails to properly sanitize the input as instructed in the recipes.
  • [EXTERNAL_DOWNLOADS]: The skill supports the installation of additional agent skills from remote GitHub repositories through the --with-skills parameter during agent creation. While the default source is the vendor's own repository, the mechanism allows for the introduction of external code into the agent environment.
  • [CREDENTIALS_UNSAFE]: The skill facilitates the management of sensitive authentication data, such as API keys and bot tokens, by passing them as command-line arguments or storing them in environment files (.env). This behavior is inherent to the skill's purpose as a management tool but requires careful handling to prevent credential exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 07:52 AM
Security Audit — agent-trust-hub — 5dive-cli