hive-create

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands, including mkdir -p exports/AGENT_NAME/nodes and uv run python -m AGENT_NAME validate. These commands directly interpolate the AGENT_NAME variable, which is sourced from user input. This creates a potential for command injection if the user provides a malicious string instead of a valid snake_case name.
  • [REMOTE_CODE_EXECUTION]: The core functionality of the skill involves writing multiple Python files to the filesystem and then executing the resulting package using uv run. Executing code that has been dynamically generated from user-influenced definitions is a high-risk pattern that can lead to arbitrary code execution.
  • [PROMPT_INJECTION]: The SKILL.md file uses 'CRITICAL' behavioral overrides to force the agent into a specific workflow, instructing it not to explore the codebase or explain its actions, which bypasses standard agent reasoning protocols.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way it processes user input.
      • Ingestion points: The skill collects agent names, goals, and node descriptions via the AskUserQuestion tool in SKILL.md.
      • Boundary markers: There are no boundary markers or instructions to delimit user-provided content within the generated system prompts for the new agent nodes.
      • Capability inventory: The skill can create directories, write files across the workspace, and execute arbitrary Python modules via uv.
      • Sanitization: The skill lacks any explicit sanitization or validation of user-provided strings before they are used to generate code or construct shell commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 11:03 AM