byterover-headless
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the @byterover/cli package from npm. The @byterover organization is not recognized as a trusted source, presenting a potential supply-chain risk.
- [COMMAND_EXECUTION] (LOW): Multiple shell commands such as brv login, brv init, and brv curate are executed to interact with the CLI tool.
- [DATA_EXFILTRATION] (LOW): The brv push command sends local project data (patterns, decisions, and implementation details) to an external domain (byterover.dev/com). While this is the intended purpose of the tool, it involves data transfer to a non-whitelisted destination.
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection.
  * Ingestion points: Knowledge base data retrieved and curated via brv CLI commands.
  * Boundary markers: No delimiters or warnings are specified to separate untrusted knowledge data from agent instructions.
  * Capability inventory: Shell command execution via the brv CLI.
  * Sanitization: No sanitization or validation of the external content is performed before processing.
Audit Metadata