developer
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The scripts read project configuration files (like package.json, go.mod, and pyproject.toml) to identify project types and execute corresponding tools. This creates a surface for indirect influence if an agent runs these scripts on a repository with malicious configuration files.\n
- Ingestion points: scripts/check-coverage.sh, scripts/lint-check.sh, and scripts/pre-commit-check.sh.\n
- Boundary markers: None present.\n
- Capability inventory: Execution of common development toolchains (npm, pytest, maven, gradle, cargo) through the shell.\n
- Sanitization: Basic existence checks are performed, but file contents are not strictly validated before influencing logic paths.\n- [Command Execution] (LOW): In scripts/check-coverage.sh, the threshold argument is used within a shell expansion without sanitization. This presents a minor risk of command injection if the script is invoked with untrusted parameters.\n- [External Downloads] (LOW): The scripts utilize npx to run tools such as ESLint and Jest. This can trigger the automatic download and execution of packages from the npm registry if they are not already installed in the local environment.
Audit Metadata