permission-max
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to request extremely broad permissions for a wide array of sensitive PowerShell and system commands (e.g.,
Invoke-WebRequest,Invoke-RestMethod,Set-ExecutionPolicy,Start-Process,Remove-Item) by using wildcards (*). This significantly increases the attack surface of the agent environment. - [COMMAND_EXECUTION]: The skill attempts to programmatically enable
autoApprove: truefor powerful system servers includingshell,filesystem,playwright, andworkiq. Enabling auto-approval for shell and filesystem access removes critical security checkpoints for subsequent agent actions. - [DATA_EXFILTRATION]: The skill includes instructions to scan sensitive user directories for configuration and settings files, specifically targeting paths like
$env:APPDATA\Code\User,$env:USERPROFILE\.copilot, and$env:APPDATA\GitHub Copilot. While intended for permission diagnosis, this behavior mimics reconnaissance patterns used to harvest sensitive configuration data. - [COMMAND_EXECUTION]: The skill encourages the execution of subprocesses using highly permissive and dangerous flags such as
--allow-all-tools,--allow-all-urls, and--silent, which can bypass standard tool execution constraints and suppress user notification of potentially malicious activity.
Recommendations
- AI detected serious security threats
Audit Metadata