scenario
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scenario schema in 'references/scenario-schema.md' includes a 'check' field for shell commands that are executed during the validation process.
- [REMOTE_CODE_EXECUTION]: Documentation examples illustrate the use of 'curl' within these shell commands, which can be leveraged to execute remote code.
- [DATA_EXFILTRATION]: The arbitrary shell execution capability allows reading sensitive local data and transmitting it via network utilities like 'curl'.
- [PROMPT_INJECTION]: The skill generates JSON files with executable commands from user-provided natural language descriptions via 'ao scenario add'. This presents an indirect prompt injection surface. Evidence:
  1. Ingestion: 'ao scenario add' arguments in 'SKILL.md'.
  2. Boundaries: Absent.
  3. Capabilities: Shell execution of the 'check' field in scenario JSON files.
  4. Sanitization: Absent.