osmo-admin
Warn
Audited by Socket on Jun 24, 2026
1 alert found:
AnomalyAnomalyevals/config.yml
LOWAnomalyLOW
evals/config.yml
This YAML fragment contains no explicit malicious logic, but it substantially increases supply-chain risk by (1) forcing Bash to source an external file via BASH_ENV and (2) executing another external shell script from /workspace/input. Any tampering with the referenced scripts could result in arbitrary command execution, so the referenced files should be integrity-checked/audited before use.
Confidence: 45%Severity: 62%
Audit Metadata