ai-director

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/auto-iterate.js contains a command injection vulnerability. It uses child_process.execSync to execute a shell command where user-supplied prompt data is directly interpolated into the command string: node scripts/ad-producer.js generate-script "${currentPrompt}". An attacker can escape the quotes using shell metacharacters (e.g., ;, $(...), or backticks) to execute arbitrary code on the underlying system.
  • [COMMAND_EXECUTION]: The script scripts/ad-account-manager.js contains logic to execute external shell commands via execSync to synchronize account data. Spawning subprocesses to run scripts based on internal variables creates a potential execution surface for unauthorized commands.
  • [DATA_EXFILTRATION]: The skill manages and transmits sensitive API credentials, including X2C_API_KEY and GEMINI_API_KEY, which are stored in local JSON files under the credentials/ directory. These credentials, along with user-generated content, are sent to external endpoints such as a Supabase-hosted API (https://eumfmgwxwjyagsvqloac.supabase.co) and Google's Gemini API. While these are established platforms, the interaction involves the access and network transmission of authentication tokens from local storage.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — ai-director