commandbox-task-runners

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of shell() and command() functions, which allow the execution of arbitrary shell and CommandBox commands. This includes the ! prefix for direct OS command execution.
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions for downloading files from external URLs using the progressable.download() method.
  • [REMOTE_CODE_EXECUTION]: The classLoad() function is documented for loading JAR files at runtime, which allows for the execution of arbitrary Java code. Additionally, moduleService.registerAndActivateModule() enables dynamic loading of modules.
  • [DATA_EXFILTRATION]: The skill describes capabilities like bx:mail for sending emails and queryExecute() for database access, which could be leveraged to move data out of the environment if misused.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 02:44 PM