page-qa
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script
scripts/eval-summary.shperforms unsafe path construction using the$1argument without validation. This allows for path traversal, where a user could potentially force the script to readmeta.jsonorqa.mdfiles from locations outside of the designatedworkspace/pages/directory.
Audit Metadata