openagent

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run sudo 5dive agent import to provision new agent instances, which executes commands with elevated system privileges.
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads assets from GitHub repositories (5dive-ai/openagent, 5dive-ai/character-packs) and fetches the @5dive/openagent package from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to execute the @5dive/openagent CLI tool and specifically mentions running code directly from the main branch of a GitHub repository via npx github:5dive-ai/openagent.
  • [PROMPT_INJECTION]: The skill processes external persona files that contain behavior and voice instructions. If sourced from untrusted third parties, these could influence agent behavior.
      • Ingestion points: The npx and 5dive agent import commands read data from <id>.persona.yaml files.
      • Boundary markers: Schema validation is performed, but no explicit instruction-isolation delimiters are mentioned for the persona content.
      • Capability inventory: The skill has access to CLI execution, media rendering, and system-level agent provisioning.
      • Sanitization: Input is validated against the OpenAgent v0.2 identity specification schema.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Jun 26, 2026, 11:01 PM