byterover
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to execute the
brvbinary on the host system to perform query and curation tasks. This relies on an external, unverified dependency being present in the environment. - [DATA_EXFILTRATION] (HIGH): The
brv curatecommand explicitly reads local files (using the-fflag) and sends their content to a 'Context Tree' managed by ByteRover Inc. (byterover.dev). While this is the primary purpose of the skill, it facilitates the bulk transfer of source code and potentially sensitive configuration to an external third-party service. Severity is reduced to MEDIUM as this is the primary stated purpose. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through its core data loop.
- Ingestion points: Data enters the agent context through
brv queryresults and file contents read via the-fflag inSKILL.md. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the retrieved context are provided.
- Capability inventory: The skill possesses shell execution capabilities (executing
brv) and file read capabilities (passing file paths tobrv). - Sanitization: There is no evidence of sanitization or validation of the data retrieved from the 'Context Tree' before it is processed by the agent.
Audit Metadata