openagent
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run `sudo 5dive agent import` to provision new agent instances, which executes commands with elevated system privileges.
- [EXTERNAL_DOWNLOADS]: The skill references and downloads assets from GitHub repositories (`5dive-ai/openagent`, `5dive-ai/character-packs`) and fetches the `@5dive/openagent` package from the npm registry.
- [REMOTE_CODE_EXECUTION]: The skill uses `npx` to execute the `@5dive/openagent` CLI tool and specifically mentions running code directly from the `main` branch of a GitHub repository via `npx github:5dive-ai/openagent`.
- [PROMPT_INJECTION]: The skill processes external persona files that contain behavior and voice instructions. If sourced from untrusted third parties, these could influence agent behavior.
  - Ingestion points: The `npx` and `5dive agent import` commands read data from `<id>.persona.yaml` files.
  - Boundary markers: Schema validation is performed, but no explicit instruction-isolation delimiters are mentioned for the persona content.
  - Capability inventory: The skill has access to CLI execution, media rendering, and system-level agent provisioning.
  - Sanitization: Input is validated against the OpenAgent v0.2 identity specification schema.
Audit Metadata