permission-max

Fail

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to request extremely broad permissions for a wide array of sensitive PowerShell and system commands (e.g., Invoke-WebRequest, Invoke-RestMethod, Set-ExecutionPolicy, Start-Process, Remove-Item) by using wildcards (*). This significantly increases the attack surface of the agent environment.
  • [COMMAND_EXECUTION]: The skill attempts to programmatically enable autoApprove: true for powerful system servers including shell, filesystem, playwright, and workiq. Enabling auto-approval for shell and filesystem access removes critical security checkpoints for subsequent agent actions.
  • [DATA_EXFILTRATION]: The skill includes instructions to scan sensitive user directories for configuration and settings files, specifically targeting paths like $env:APPDATA\Code\User, $env:USERPROFILE\.copilot, and $env:APPDATA\GitHub Copilot. While intended for permission diagnosis, this behavior mimics reconnaissance patterns used to harvest sensitive configuration data.
  • [COMMAND_EXECUTION]: The skill encourages the execution of subprocesses using highly permissive and dangerous flags such as --allow-all-tools, --allow-all-urls, and --silent, which can bypass standard tool execution constraints and suppress user notification of potentially malicious activity.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 24, 2026, 08:18 PM
Security Audit — agent-trust-hub — permission-max