openhue
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the 'openhue' CLI via a third-party Homebrew tap ('openhue/cli/openhue-cli') which is not from a pre-approved trusted source.
- COMMAND_EXECUTION (SAFE): All commands use the 'openhue' binary to perform light and scene operations as described in the skill's purpose.
- PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface: (1) Ingestion points: Bridge data is read via 'openhue get' commands in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: 'openhue set' commands allow hardware state changes. (4) Sanitization: None specified. This could allow malicious metadata on the bridge to influence the agent.