eve-bootstrap
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill accesses the sensitive ~/.ssh/ directory to list and read public keys for authentication requests. While public keys are non-secret, programmatic access to this directory is a high-risk pattern. The skill also communicates with a non-whitelisted external API (api.eh1.incept5.dev). Severity is adjusted to MEDIUM as these actions are core to the skill's primary function of developer onboarding.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill directs the user to install the @anthropic/eve-cli package via npm. Per the [TRUST-SCOPE-RULE], this is classified as LOW severity because the package belongs to a recognized trusted organization.
- Indirect Prompt Injection (LOW): The skill processes untrusted user input (e.g., org name, email, project slug) and interpolates it into shell commands and a configuration manifest (.eve/manifest.yaml).
  • Ingestion points: User input provided during the onboarding flow.
  • Boundary markers: Absent in command and file-write templates.
  • Capability inventory: Execution of eve CLI commands and file system write operations.
  • Sanitization: No explicit sanitization or validation of user-provided strings is performed.
Audit Metadata