minimal-run-and-audit
Warn
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/run_command.pyusessubprocess.run()to execute commands provided via the--commandcommand-line argument. While it usesshlex.split()to prevent simple shell injection, it still allows the execution of arbitrary binaries present on the system. - [REMOTE_CODE_EXECUTION]: The script
scripts/write_outputs.pyusesimportlib.utilto dynamically load and execute a Python module from the path../../../shared/scripts/write_run_bundle.py. This dynamic loading from a computed relative path escapes the skill's own directory structure and creates a dependency on external code that is not part of the skill's own file set. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the environment.
- Ingestion points:
scripts/run_command.pycaptures thestdoutandstderrfrom executed commands in theexecute_commandfunction. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands when processing the captured output.
- Capability inventory: The skill can execute subprocesses via
subprocess.runinscripts/run_command.pyand write files viascripts/write_outputs.py. - Sanitization: While the script uses regex to extract metrics, the raw logs are included in the final execution summary without sanitization.
Audit Metadata