iblai-deslop
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently instructs the agent to execute shell commands for reconnaissance and auditing, including standard utilities like
findandgrep. It also executes bundled bash scripts such asscripts/scan_dead_code.sh,scripts/scan_patterns.sh, andscripts/scan_dependencies.shto automate the hardening process.\n- [COMMAND_EXECUTION]: The agent is directed to invoke project-specific development tools includingnpx eslint,python -m pylint,go vet, andcargo clippy. These tools may execute code defined in the target project's configuration files or plugins.\n- [PROMPT_INJECTION]: The skill performs an audit of an entire codebase, which involves reading and processing untrusted data. It lacks specific instructions or boundary markers to isolate file content from the agent's control logic, creating a surface for indirect prompt injection where malicious comments or code strings in the audited files could influence the agent's auditing conclusions or subsequent actions.\n - Ingestion points: Reads all source, configuration, and documentation files within the user-provided codebase directory during Phase 1 (Pass 1-3).\n
- Boundary markers: None provided to separate audited content from agent instructions.\n
- Capability inventory: Shell command execution, execution of bundled bash scripts, and writing to the file system (
AUDIT.md).\n - Sanitization: No sanitization or escaping is performed on the content read from the target codebase.\n- [REMOTE_CODE_EXECUTION]: The
scripts/scan_patterns.shscript usesnode -eto callrequire()on apackage.jsonfile within the audited directory. Becauserequire()in Node.js can execute JavaScript code if a malicious.jsfile is placed to shadow the JSON or if the file itself contains executable exports, this represents a potential dynamic code execution risk when auditing untrusted directories.
Audit Metadata