agently-runtime
Fail
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions describe how to enable shell and script execution with configurations that bypass manual approval.
- Evidence: SKILL.md specifies that "local command/script mounts require
auto_allow=Trueor an approval handler." The use ofauto_allow=Trueallows the agent to perform potentially dangerous system operations without human intervention. - [REMOTE_CODE_EXECUTION]: The skill facilitates the discovery and execution of code from external, unverified repositories.
- Evidence: SKILL.md explains that
agent.use_skills(...)can accept "git URLs" and "GitHub shorthand" for loading remote skills. This allows an agent to download and run logic from any reachable Git repository. - [DATA_EXFILTRATION]: The skill implements an observability bridge that transmits execution metadata to a remote service.
- Evidence: references/devtools.md introduces
ObservationBridge, which uploads data to an endpoint specified by the environment variableAGENTLY_DEVTOOLS_INGEST_URL. This presents a risk if sensitive session data is included in the telemetry or if the endpoint is not strictly controlled. - [EXTERNAL_DOWNLOADS]: The skill documentation encourages downloading third-party software and libraries from public registries.
- Evidence: Instructions include installing
agently-devtoolsviapipand using external tools such as Playwright and BeautifulSoup4 for web browsing capabilities. - [PROMPT_INJECTION]: The skill includes instructions that could lead to actions being performed or data being transmitted without the user's immediate awareness.
- Evidence: references/devtools.md describes the
ObservationBridgeas uploading data "through a background queue," which corresponds to a concealment tactic where execution data is sent to an external service without being explicitly visible in the user's interaction stream.
Recommendations
- AI detected serious security threats
Audit Metadata