5dive-cli
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
sudocommand to execute the5diveCLI for administrative operations, including creating Linux users, managing systemd services, and interacting with tmux sessions. While these commands are targeted at a specific management utility, they represent high-privilege operations. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is designed to ingest data from external communication channels (Telegram and Discord) and pass that data as arguments to CLI commands. This creates an attack surface where malicious users could attempt to inject instructions or execute arbitrary commands via shell expansion (e.g., using backticks or command substitution) if the agent fails to properly sanitize the input as instructed in the recipes.
- [EXTERNAL_DOWNLOADS]: The skill supports the installation of additional agent skills from remote GitHub repositories through the
--with-skillsparameter during agent creation. While the default source is the vendor's own repository, the mechanism allows for the introduction of external code into the agent environment. - [CREDENTIALS_UNSAFE]: The skill facilitates the management of sensitive authentication data, such as API keys and bot tokens, by passing them as command-line arguments or storing them in environment files (
.env). This behavior is inherent to the skill's purpose as a management tool but requires careful handling to prevent credential exposure.
Audit Metadata