hcom-agent-messaging
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the 'hcom' package via
pip install hcom. The repository (github.com/aannoo/hcom) is not from a trusted organization or repository list. - COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands including
hcom hooks add,hcom reset all, andhcom start. These commands modify the local development environment and manage system processes (spawn, resume, kill). - DATA_EXFILTRATION (LOW): The tool supports 'Cross-device' communication via an 'MQTT relay'. This implies that agent transcripts, event histories, and terminal screens are transmitted over the network to a relay server.
- INDIRECT_PROMPT_INJECTION (LOW):
- Ingestion points: The skill ingests data from other agents via @mentions, transcripts, and event history (SKILL.md).
- Boundary markers: There are no explicit instructions to treat inter-agent messages as untrusted or to use specific delimiters.
- Capability inventory: The skill can spawn/kill processes, inject text into terminals, and modify file system hooks.
- Sanitization: No sanitization or validation of the messages/transcripts from other agents is mentioned.
Audit Metadata