Skills
skills/incept5/eve-skillpacks/eve-auth-and-secrets/Gen Agent Trust Hub

eve-auth-and-secrets

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents numerous CLI operations using the eve tool and curl for authentication, secret provisioning, and administrative tasks.
  • [DATA_EXFILTRATION]: The skill instructs the agent to help users sync sensitive local data, including SSH public keys and OAuth tokens from AI development tools (Claude/Codex), to the Eve platform's remote storage. This data movement is the primary intended function of the skill for credential synchronization.
  • [EXTERNAL_DOWNLOADS]: References to Node.js packages @eve-horizon/auth and @eve-horizon/auth-react for application SSO integration are included.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) by processing untrusted data from .env and .eve/access.yaml files which influence agent behavior. Mandatory Evidence: 1. Ingestion points: SKILL.md (via eve secrets import .env) and .eve/access.yaml. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls to the eve CLI and curl network operations. 4. Sanitization: None described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 03:04 PM