Skills
skills/5dive-com/skills/5dive-cli/Gen Agent Trust Hub

5dive-cli

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo to execute the 5dive CLI for system-level management tasks, including creating Linux users and systemd units.\n
  • Evidence: sudo 5dive agent create, sudo 5dive agent rm in SKILL.md.\n- [CREDENTIALS_UNSAFE]: The skill manages environment files and API keys in privileged directory locations.\n
  • Evidence: /etc/5dive/connectors/ and /var/lib/5dive/agents.d/ in references/paths.md.\n
  • Evidence: Use of auth set --api-key=- to provision credentials.\n- [PROMPT_INJECTION]: The skill interpolates user-supplied text directly into shell commands for inter-agent communication, creating a surface for command injection or indirect instruction injection.\n
  • Ingestion points: User prompts and side-task descriptions in SKILL.md.\n
  • Boundary markers: None present in the provided shell recipes.\n
  • Capability inventory: High-privilege shell access via sudo across all scripts.\n
  • Sanitization: No explicit escaping or validation of the prompt variable before interpolation into the 5dive agent send command.\n- [EXTERNAL_DOWNLOADS]: The skill supports fetching additional tools or instructions from external repositories during agent provisioning.\n
  • Evidence: The --with-skills flag in references/commands.md facilitates remote resource fetching.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 09:20 AM