5dive-cli
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
sudo 5diveto perform high-privilege system operations on the host VM. This includes creating and removing Linux users (e.g.,agent-<name>), managing systemd units (5dive-agent@<name>.service), and interacting with tmux sessions. These operations are within the stated purpose of the skill for agent lifecycle management. - [EXTERNAL_DOWNLOADS]: The CLI facilitates downloading and installing agent binaries (e.g., via
5dive agent install <type>) and additional skills from the vendor's repository (e.g.,5dive-com/skills). These downloads are directed at official vendor sources. - [REMOTE_CODE_EXECUTION]: The skill enables the execution of remote code by spawning new agent instances and installing external skills onto those agents. This is a core feature of the multi-agent orchestration design.
- [INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection as it processes data from external communication channels (Telegram, Discord) and inter-agent messages. It instructs the agent to parse attributes from
<channel>tags and peer message envelopes to determine its actions, such as replying to specific chat IDs. There are no explicit instructions for input sanitization or boundary enforcement mentioned in the provided documentation.
Audit Metadata