eightctl
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the eightctl command-line utility from a public GitHub repository (github.com/steipete/eightctl) using the Go toolchain. This download is necessary for the skill's primary functionality.
- [COMMAND_EXECUTION]: The skill executes the eightctl binary to perform various tasks such as checking pod status, adjusting temperature, and managing alarms. These commands are consistent with the skill's described purpose.
- [PROMPT_INJECTION]: An indirect prompt injection surface was identified where the agent processes data from the Eight Sleep API (e.g., alarm names or schedules). However, the risk is minimal as the skill does not grant elevated system privileges and the data source is the user's own device account.
- [SAFE]: No evidence of obfuscation, hardcoded credentials, persistence mechanisms, or unauthorized data exfiltration was found in the provided files.
Audit Metadata