5dive-cli
Fail
Audited by Snyk on Jun 25, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill docs describe several intentional, high-risk capabilities that can be abused: inter-agent "agent send" injects text into another agent's CLI (effectively local RCE / remote command injection between agent users), newly spawned agents auto-inherit credentials via EnvironmentFiles and receive auto-installed skills (enabling credential exposure and lateral propagation), and the self-update / skill-install paths plus writable skill/task stores create clear supply‑chain and exfiltration vectors.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Runtime LLM context can be fed outsider free text via
agent send/agent askwhen the operating user relays a Telegram/Discord channel request: the channel plugin wraps inbound user text in a<channel ...>tag, and the skill instructs passing that chat context to the target agent using--reply-to-chat/--reply-to-msg, so the receiver agent’s LLM ingests the outsider-authored message body.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged: the skill repeatedly instructs running sudo 5dive commands that create and remove agents (each mapping to real Linux users and systemd units), change service state, and otherwise require elevated privileges to modify the host, so it directly mutates machine state.
Issues (3)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata