when-bridging-web-cli-use-web-cli-teleport

Fail

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a server script (server.js) designed specifically to execute shell commands received over the network.
  • Evidence: In SKILL.md, the /api/cli/execute POST endpoint constructs a command string from the request body: const fullCommand = \${command} ${args.join(' ')}`;and passes it to theexec()` function.
  • [REMOTE_CODE_EXECUTION]: The bridge server implementation provides a functional path for remote code execution (RCE).
  • Evidence: The code in server.js exposes the system's shell via an unauthenticated HTTP API on port 3001. There is no sanitization of the command or args variables, allowing for shell metacharacter injection and arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading and running external packages and tools from remote registries.
  • Evidence: The instructions in README.md, SKILL.md, and PROCESS.md utilize npx claude-flow@alpha for architecture design and component generation, and perform npm install for various dependencies like express and socket.io.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection and command injection through untrusted data processing.
  • Ingestion points: The req.body of the Express server in server.js and the data parameter in the render_web_ui function in cli-tool-with-web.sh.
  • Boundary markers: None present. The inputs are directly interpolated into commands or emitted via WebSockets.
  • Capability inventory: child_process.exec in server.js allows full system command execution.
  • Sanitization: Absent. The server implementation lacks any logic to escape or validate the incoming command strings.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 26, 2026, 03:21 AM
Security Audit — agent-trust-hub — when-bridging-web-cli-use-web-cli-teleport