hc
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages tasks by executing local
hiveCLI commands for operations like creating epics, listing work items, and updating statuses. These commands are part of the vendor-provided toolset for the environment. - [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design. 1. Ingestion points: Untrusted data enters via task titles, descriptions, and comments processed by the
hive hc createandhive hc commentcommands. 2. Boundary markers: Thehive hc contextcommand aggregates these into a context block without specified delimiters or instruction-bypass warnings to prevent malicious content from influencing future agent actions. 3. Capability inventory: The skill allows for the creation and update of task metadata and comments via the localhiveCLI. 4. Sanitization: No sanitization of user-provided or agent-provided comments is mentioned before they are rendered into the context block for subsequent agent sessions.
Audit Metadata