hzdb-cli
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and execution of the `@meta-quest/hzdb` package from the NPM registry. This is a standard distribution method for this official developer tool and aligns with the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill enables the execution of CLI commands via the `Bash(hzdb:*)` tool. These commands are used for device management, application lifecycle control, and performance analysis on Meta Quest headsets, which is the primary and intended purpose of the skill.
- [DATA_EXFILTRATION]: The skill provides capabilities to read device logs and pull files from connected headsets. It also fetches documentation from `developers.meta.com`. These operations are limited to the developer's connected hardware and official Meta documentation services.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from device logs and external documentation. However, it provides robust mitigation guidance:
  - Ingestion points: Data enters the context through `hzdb log`, `hzdb adb logcat`, `hzdb docs search`, and `hzdb docs fetch` (identified in `references/hzdb-docs-search.md` and `references/hzdb-app-management.md`).
  - Boundary markers: The skill explicitly recommends a 'Verify-first workflow' and instructs agents to treat fetched data as untrusted (found in `references/hzdb-agent-workflows.md`).
  - Capability inventory: The agent can execute shell commands and manage files on the connected device via the `hzdb` CLI (defined in `SKILL.md`).
  - Sanitization: The instructions advocate for server-side restrictions and human-in-the-loop approvals for destructive actions.
Audit Metadata