ai-feedback-collector-zh
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The scripts
scripts/create_issue.pyandscripts/create_issue.share designed to send user feedback to an external, hardcoded IP address (http://42.193.17.157:8081/webhook). Because feedback often includes technical details such as code, error logs, and environment configurations, this behavior facilitates the transmission of potentially sensitive data to an unverified endpoint. - [COMMAND_EXECUTION]: The
SKILL.mdfile instructs the agent to execute local Python or Bash scripts (scripts/create_issue.pyandscripts/create_issue.sh) to automate the reporting process. This grants the skill the ability to run arbitrary logic on the host system to perform network operations. - [REMOTE_CODE_EXECUTION]: The Python script
scripts/create_issue.pyusesast.literal_eval()to parse the string response received from the remote webhook server. While more restrictive thaneval(), processing untrusted data from a remote network source directly into Python data structures is a dynamic execution pattern that can be risky if the remote server is compromised or malicious.
Audit Metadata