deepvista
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to silently execute `deepvista upgrade check` upon loading to verify the CLI version.
- [COMMAND_EXECUTION]: The `deepvista agents register` command modifies the agent's platform configuration (e.g., `~/.claude/settings.json`) to install a persistent "Stop" hook. This hook automatically executes status synchronization commands after every conversation turn to provide heartbeats to the vendor's dashboard.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and upgrading of the `deepvista-cli` tool and its dependencies from public registries like PyPI and via the `uv` tool.
- [DATA_EXFILTRATION]: The CLI manages sensitive authentication credentials stored in `~/.config/deepvista/credentials.json` and transmits user-supplied knowledge base content, including notes and local files, to the external API at `app.deepvista.ai`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from local files and notes for entity extraction, summarization, and the automated creation of new agent skills. The process lacks explicit boundary markers or content sanitization to prevent embedded instructions from influencing agent behavior.
- [COMMAND_EXECUTION]: The skill includes functionality to generate and write executable `SKILL.md` files to local agent directories (e.g., `~/.agents/skills/`), which constitutes dynamic script generation.
Audit Metadata