runner-testing
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary commands on remote hardware hosts using `scripts/cf-ssh.sh`. This includes frequent use of `sudo` for sensitive operations such as reading logs in `/var/lib/vm0-runner/`, checking `journalctl`, and managing system services.
- [REMOTE_CODE_EXECUTION]: The `pnpm runner:submit` command implements a workflow where the user's prompt is directly executed as a bash script within a Firecracker VM sandbox via the `mock-claude` component.
- [COMMAND_EXECUTION]: The skill provides the `pnpm runner:exec` command, which allows for direct command execution within already running VM instances for debugging purposes.
- [CREDENTIALS_UNSAFE]: The documentation describes an authentication flow using JWTs and `Authorization: Bearer` tokens passed to VM instances as environment variables (`VM0_API_TOKEN`). While the flow is described, no hardcoded secrets or sensitive credentials were found in the skill content itself.
Audit Metadata