agently-runtime

Fail

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions describe how to enable shell and script execution with configurations that bypass manual approval.
  • Evidence: SKILL.md specifies that "local command/script mounts require auto_allow=True or an approval handler." The use of auto_allow=True allows the agent to perform potentially dangerous system operations without human intervention.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the discovery and execution of code from external, unverified repositories.
  • Evidence: SKILL.md explains that agent.use_skills(...) can accept "git URLs" and "GitHub shorthand" for loading remote skills. This allows an agent to download and run logic from any reachable Git repository.
  • [DATA_EXFILTRATION]: The skill implements an observability bridge that transmits execution metadata to a remote service.
  • Evidence: references/devtools.md introduces ObservationBridge, which uploads data to an endpoint specified by the environment variable AGENTLY_DEVTOOLS_INGEST_URL. This presents a risk if sensitive session data is included in the telemetry or if the endpoint is not strictly controlled.
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages downloading third-party software and libraries from public registries.
  • Evidence: Instructions include installing agently-devtools via pip and using external tools such as Playwright and BeautifulSoup4 for web browsing capabilities.
  • [PROMPT_INJECTION]: The skill includes instructions that could lead to actions being performed or data being transmitted without the user's immediate awareness.
  • Evidence: references/devtools.md describes the ObservationBridge as uploading data "through a background queue," which corresponds to a concealment tactic where execution data is sent to an external service without being explicitly visible in the user's interaction stream.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 28, 2026, 09:05 AM
Security Audit — agent-trust-hub — agently-runtime