ov-resources
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting untrusted data from external sources (URLs, Git repositories) via the
ov add-resourcecommand. - Ingestion points: External URLs and Git repositories processed through
ov add-resource(docs/add-resource.md). - Boundary markers: None identified in the provided documentation or examples to separate ingested content from agent instructions.
- Capability inventory: The skill allows file modification (
ov write), deletion (ov rm), and persistent background tasks (ov task watch) as detailed indocs/filesystem.mdanddocs/watch-management.md. - Sanitization: No evidence of content sanitization or validation before processing by the agent.
- [EXTERNAL_DOWNLOADS]: The
ov add-resourcecommand explicitly supports fetching resources from remote URLs and cloning Git repositories, including those from untrusted third-party sources. - [COMMAND_EXECUTION]: The skill provides the agent with the ability to execute a wide range of CLI commands, including destructive operations like recursive removal (
ov rm --recursive) and file overwriting (ov write). - [DATA_EXFILTRATION]: The resource management capabilities allow the agent to read, search, and export data. While intended for context management, these tools can access local filesystem paths and package content into archives (
ov export), which constitutes a data exposure surface.
Audit Metadata