eightctl
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of a Go module from an unverified third-party GitHub repository (github.com/steipete/eightctl). This introduces external executable code into the agent's environment that is not maintained by a trusted organization.
- [COMMAND_EXECUTION]: The skill is designed to execute the eightctl binary with various subcommands to interact with hardware pods, including viewing status and modifying settings.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). Ingestion points: data enters the agent context through the output of commands such as eightctl status, eightctl alarm list, and eightctl schedule list, which fetch data from the Eight Sleep API. Boundary markers: no explicit delimiters or instructions are used to isolate device-provided data from the agent's instructions. Capability inventory: the agent can execute system commands and modify hardware state. Sanitization: there is no evidence that the API data is sanitized or validated before the agent processes it.
Audit Metadata