entire
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill guides users to install the
entireCLI via Homebrew or Go from an external repository (github.com/entireio/cli). This source is not on the pre-approved list of trusted organizations, requiring manual verification of the source's integrity. - [PROMPT_INJECTION] (HIGH): The skill exhibits a significant Indirect Prompt Injection surface (Category 8).
- Ingestion points: The agent processes session transcripts, AI prompts, and historical responses via the
entire explaincommand and reads external repository states duringentire rewindoperations. - Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the transcripts being analyzed.
- Capability inventory: The skill possesses high-privilege capabilities including direct filesystem modification (code restoration), git branch management, and destructive operations like
entire reset --force. - Sanitization: There is no evidence of sanitization or filtering of the transcript content before it is re-introduced into the agent's reasoning context.
- [COMMAND_EXECUTION] (LOW): The skill utilizes a suite of CLI commands (
entire enable,entire status,entire rewind,entire doctor) to manage project state. While these are intended functions, they grant the agent the ability to execute complex shell operations that could be abused if the agent is subverted.
Recommendations
- AI detected serious security threats
Audit Metadata