hivo-identity
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @hivoai/cli package from npm or a binary from the vendor's repository at github.com/zhiyuzi/Hivo/releases. These are legitimate vendor resources for the 'zhiyuzi' ecosystem.
- [COMMAND_EXECUTION]: The skill executes shell commands using the hivo CLI to manage identities, generate tokens, and update profiles.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive cryptographic data by creating and reading private keys stored at ~/.hivo/agents/{sub}/private_key.pem. This behavior is central to the skill's identity management function.
- [DATA_EXFILTRATION]: The skill performs network operations to register identities and acquire tokens from the service at https://id.hivo.ink.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates user-provided inputs, such as handles and service audiences, into shell commands without boundary markers or sanitization logic.
  * Ingestion points: User-supplied <handle> and <audience> strings.
  * Boundary markers: None.
  * Capability inventory: File system access and network operations via the CLI.
  * Sanitization: No validation or escaping is implemented in the command templates.
Audit Metadata