eve-auth-and-secrets

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the eve CLI tool for various authentication and management tasks, such as eve auth login, eve secrets set, and eve access sync. These operations are consistent with the skill's role as a platform management interface and are documented for intended user interaction.\n- [DATA_EXFILTRATION]: The skill facilitates the management of sensitive credentials, including API keys and OAuth tokens, by syncing them to the Eve platform via commands like eve auth sync. This represents the primary functionality of the skill as a secret management tool and is performed through explicit, user-initiated CLI actions.\n- [PROMPT_INJECTION]: The skill defines a surface for potential indirect prompt injection through the processing of external configuration files.\n
  • Ingestion points: The skill reads data from .env, .eve/manifest.yaml, and .eve/access.yaml files to manage secrets and access policies.\n
  • Boundary markers: The instructions do not define specific delimiters or warnings to ignore embedded instructions within these configuration files.\n
  • Capability inventory: The skill performs command execution via the eve CLI and network operations to interact with the Eve API.\n
  • Sanitization: The skill provides manifest validation features (eve manifest validate) to check for missing or invalid configuration before deployment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 05:46 AM
Security Audit — agent-trust-hub — eve-auth-and-secrets