5dive-cli
Warn
Audited by Snyk on May 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow can ingest outsider-authored free text from public chat/channel messages: when a user request arrives via the Telegram/Discord channel plugin, the inbound
<channel ...>...</channel>body (authored by a third party) is forwarded into the target agent viasudo 5dive agent send ... --reply-to-chat=... --reply-to-msg=... "<user text>", which becomes LLM-readable context in the receiver agent’s CLI.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The CLI will auto-install skills into child agents at runtime from external repos (e.g. the default "5dive-com/skills" / the "5dive-cli" skill or any <owner/repo>: passed via --with-skills), so the agent runtime fetches remote skill content that directly controls agent prompts/behavior and can execute code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill repeatedly instructs the agent to run sudo 5dive agent create/send/rm which creates Linux users (agent-), systemd units, and other privileged on-disk/systemctl state, i.e. it explicitly asks the agent to modify the host state with sudo.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata