srdf
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/srdf/cli.py uses the importlib library to dynamically load and execute Python modules. The _load_generator_module function calls exec_module on a user-provided file path to run the gen_srdf() function. This design allows for the execution of arbitrary Python code contained within the target script.
- [COMMAND_EXECUTION]: The scripts/srdf tool operates by executing logic from local files and manipulating the Python search path. It adds the current working directory and the script's parent directory to sys.path during the generation process, which could be exploited in environments containing untrusted files.
Audit Metadata