hokipoki

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the @next-halo/hokipoki-cli package from the npm registry for managing AI routing tasks.
  • [DATA_EXFILTRATION]: The hokipoki request command transmits local files, directories, or entire repository contents to external peer-to-peer providers for AI processing.
  • [COMMAND_EXECUTION]: Executes shell commands to interface with the P2P network, including the hokipoki listen command which allows remote tasks to execute locally within isolated Docker containers.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection as the skill processes tasks and patches from remote, untrusted AI providers.
      • Ingestion points: Task descriptions and remote AI responses received via hokipoki request.
      • Boundary markers: None specified in the instructions.
      • Capability inventory: Shell command execution via CLI and git repository modifications.
      • Sanitization: No explicit sanitization of remote patches is documented before auto-application.
  • [CREDENTIALS_UNSAFE]: Identifies the locations of sensitive authentication tokens and OAuth credentials for AI providers in the local filesystem (e.g., ~/.codex/auth.json, ~/.gemini/oauth_creds.json).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 24, 2026, 12:25 AM