Skills
skills/composiohq/openclaw-composio/eightctl/Gen Agent Trust Hub

eightctl

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the eightctl binary from a third-party GitHub repository (github.com/steipete/eightctl) using the Go module system.
  • [COMMAND_EXECUTION]: Executes the eightctl CLI tool to perform operations on local configuration files and remote device APIs.
  • [CREDENTIALS_UNSAFE]: References sensitive authentication data including environment variables (EIGHTCTL_EMAIL, EIGHTCTL_PASSWORD) and a local configuration file (~/.config/eightctl/config.yaml).
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through data processed from the unofficial Eight Sleep API.
  • Ingestion points: Command output from eightctl status, alarm list, and schedule list in SKILL.md.
  • Boundary markers: Absent from the prompt instructions.
  • Capability inventory: File system access and CLI execution capabilities in SKILL.md.
  • Sanitization: No validation or escaping of external content before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 09:12 PM