hive-setup
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the `uv` installation script from `astral.sh`, a well-known service for Python tooling.
- [COMMAND_EXECUTION]: Automatically executes a shell script named `prepare.sh` found within a cloned task directory, allowing for arbitrary code execution from a remote source.
  - Evidence: `bash prepare.sh` in `SKILL.md` (Step 5).
- [COMMAND_EXECUTION]: Requests elevated privileges using `sudo` to install system-level Python packages on Linux environments.
  - Evidence: `sudo apt-get install -y python3 python3-pip` in `SKILL.md` (Step 1).
- [EXTERNAL_DOWNLOADS]: Installs Python dependencies defined in a `requirements.txt` file from a cloned repository, which may lead to the installation of untrusted packages.
  - Evidence: `uv pip install -r requirements.txt` in `SKILL.md` (Step 5).
- [CREDENTIALS_UNSAFE]: Accesses and manages sensitive SSH private keys and their filesystem permissions in the user's home directory.
  - Evidence: `~/.hive/keys/` in `SKILL.md` (Step 4).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from a remote hive server.
  - Ingestion points: `hive task list` and `hive task clone` commands in `SKILL.md`.
  - Boundary markers: No delimiters or warnings are used to separate task descriptions or metadata from instructions.
  - Capability inventory: The agent has the ability to run `bash prepare.sh`, perform `pip` installations, and execute `sudo` commands.
  - Sanitization: No validation or sanitization of the server-provided task data is performed before execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata