sdlc-qa-browse
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `package.json` and `bun.lock` files specify version numbers for `@anthropic-ai/sdk` (0.78.0) and `playwright` (1.58.2) that do not currently exist in the official NPM registry. This indicates a potential supply chain attack or the use of malicious dependencies from an unverified mirror.
- [DATA_EXFILTRATION]: The `src/cookie-import-browser.ts` file implements functionality to programmatically access the macOS Keychain via the `security` command to retrieve storage passwords and decrypt session cookies from Chrome, Edge, and other local browsers. This provides a direct path for the agent to harvest and potentially exfiltrate sensitive authentication tokens.
- [REMOTE_CODE_EXECUTION]: The `ubuntu-cmd-install.txt` file contains instructions to add an unverified third-party repository (`debian.griffo.io`) and trust its GPG keys, which involves executing remote code and trusting software from an unvetted source.
- [COMMAND_EXECUTION]: The skill instructions in `ubuntu-cmd-install.txt` include the use of `sudo` to perform system-level modifications, representing a privilege escalation risk.
- [EXTERNAL_DOWNLOADS]: Setup instructions in `SKILL.md` guide the download and execution of the Bun installer from `https://bun.sh/install` using a shell pipe.
- [COMMAND_EXECUTION]: The preamble in `SKILL.md` automatically executes bash commands to check for updates and manage local session state using binaries located in the user's home directory.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata