eve-auth-and-secrets
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
eveCLI tool for various authentication and management tasks, such aseve auth login,eve secrets set, andeve access sync. These operations are consistent with the skill's role as a platform management interface and are documented for intended user interaction.\n- [DATA_EXFILTRATION]: The skill facilitates the management of sensitive credentials, including API keys and OAuth tokens, by syncing them to the Eve platform via commands likeeve auth sync. This represents the primary functionality of the skill as a secret management tool and is performed through explicit, user-initiated CLI actions.\n- [PROMPT_INJECTION]: The skill defines a surface for potential indirect prompt injection through the processing of external configuration files.\n - Ingestion points: The skill reads data from
.env,.eve/manifest.yaml, and.eve/access.yamlfiles to manage secrets and access policies.\n - Boundary markers: The instructions do not define specific delimiters or warnings to ignore embedded instructions within these configuration files.\n
- Capability inventory: The skill performs command execution via the
eveCLI and network operations to interact with the Eve API.\n - Sanitization: The skill provides manifest validation features (
eve manifest validate) to check for missing or invalid configuration before deployment.
Audit Metadata