agent-rules
Audited by Socket on Jun 18, 2026
2 alerts found:
Obfuscated Filex2The script is a legitimate utility but contains a significant security flaw: it executes untrusted command strings extracted from AGENTS.md via bash -c after only checking the first token against a whitelist. This permits command injection (through shell metacharacters or chaining) for any entry whose base command is whitelisted. Running the script with SMOKE_TEST=true on untrusted or attacker-modified AGENTS.md can lead to arbitrary command execution, data access, network requests, or repository mutation. Recommended mitigations: never run smoke tests on untrusted markdown; sanitize and validate entire command strings (reject shell metacharacters), avoid using bash -c with unsanitized input (use arrays and execvp-style invocation), restrict allowed subcommands/arguments rather than only base token, apply stricter allowlist for potentially destructive tools (curl/docker) or run tests in a safe sandbox/container, and avoid auto-modifying AGENTS.md unless explicit consent (or require DRY_RUN=false to be deliberate).
The analyzed shell script is a legitimate, read-only verification utility that ensures AGENTS.md aligns with the repository’s actual state. It focuses on existence checks for documented files, Makefile targets, and scoped documentation, aggregates issues, and optionally suggests fixes. While effective within its assumed project structure, its accuracy depends on stable AGENTS.md formatting and directory conventions. No malicious behavior detected; primary risk lies in false positives/negatives due to structural differences across projects.