5dive-cli

Fail

Audited by Snyk on Jun 25, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill docs describe several intentional, high-risk capabilities that can be abused: inter-agent "agent send" injects text into another agent's CLI (effectively local RCE / remote command injection between agent users), newly spawned agents auto-inherit credentials via EnvironmentFiles and receive auto-installed skills (enabling credential exposure and lateral propagation), and the self-update / skill-install paths plus writable skill/task stores create clear supply‑chain and exfiltration vectors.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). Runtime LLM context can be fed outsider free text via agent send/agent ask when the operating user relays a Telegram/Discord channel request: the channel plugin wraps inbound user text in a <channel ...> tag, and the skill instructs passing that chat context to the target agent using --reply-to-chat/--reply-to-msg, so the receiver agent’s LLM ingests the outsider-authored message body.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged: the skill repeatedly instructs running sudo 5dive commands that create and remove agents (each mapping to real Linux users and systemd units), change service state, and otherwise require elevated privileges to modify the host, so it directly mutates machine state.

Issues (3)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Jun 25, 2026, 07:52 AM
Issues: 3