hcom-agent-messaging
Fail
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup process involves fetching a shell script from a remote GitHub repository (hcom-installer.sh) and piping it directly to the system shell. This pattern allows for arbitrary code execution on the host without verification.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes an external script during installation.
- [COMMAND_EXECUTION]: The skill provides tools to launch headless background agents, kill processes, and inject arbitrary text or commands directly into the terminal sessions of other agents.
- [DATA_EXFILTRATION]: Agents can access full transcripts, tool logs, and event histories of other agents. This information can be sent between agents or exfiltrated via a cross-device MQTT relay system.
- [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection as it facilitates communication and log sharing between agents. A malicious message or transcript could influence a receiving agent's actions. 1. Ingestion points: 'hcom send' and 'hcom transcript' (SKILL.md). 2. Boundary markers: Absent in documentation. 3. Capability inventory: Agent spawning, terminal injection, and network relaying. 4. Sanitization: None.
Recommendations
- HIGH: Downloads and executes remote code from: https://github.com/aannoo/hcom/releases/latest/download/hcom-installer.sh - DO NOT USE without thorough review
Audit Metadata