eywa
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill is designed to send detailed activity logs—including file names, git operations, and command outcomes—to a third-party remote server (
eywa-mcp.armandsumo.workers.dev). This constitutes a data exposure risk as it transmits internal metadata to an endpoint not managed by a trusted organization. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the
eywa-aipackage from the NPM registry, which is not from a trusted organization or repository. - [COMMAND_EXECUTION] (LOW): Uses a local bash script (
eywa-call.sh) to facilitate communication with the remote API. - [INDIRECT_PROMPT_INJECTION] (LOW): Vulnerability surface identified where the skill ingests state and tasks from an external server. 1. Ingestion points:
eywa-call.shoutput fromeywa_startandeywa_tasks. 2. Boundary markers: Absent; the agent is instructed to read and follow the snapshot. 3. Capability inventory: Filesystem, git, and CI tool access. 4. Sanitization: Absent.
Audit Metadata