hive-create-task
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages an administrative credential (
HIVE_ADMIN_KEY). In Phase 6.3, it instructs the agent to pass this key as a plaintext command-line argument (--admin-key <key>) during task creation. This practice is unsafe as secrets provided in CLI arguments can be exposed to other users or system processes through process monitoring tools likeps. - [COMMAND_EXECUTION]: The skill makes extensive use of system shell commands to perform its core functions, including initializing git repositories (
git init), changing file permissions (chmod +x), and interacting with thehivecommand-line interface. - [REMOTE_CODE_EXECUTION]: In Phase 5, the skill executes
prepare.shandeval.shscripts that it previously scaffolded based on user input. This dynamic generation and execution of scripts on the local system represents a significant risk, as malicious or malformed instructions could lead to arbitrary code execution during the testing phase.
Audit Metadata