security-suite
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/security_suite.py` script executes target binaries provided by the user to perform dynamic analysis. Although it uses list-based arguments with `subprocess.Popen` to avoid shell injection, the binary itself is executed with the system privileges of the agent. The "sandbox" implementation is minimal, relying on environment variable redirection for `HOME` and `TMPDIR`, and does not provide strong isolation, resource limits, or kernel-level restrictions (such as namespaces or cgroups) to prevent a malicious binary from affecting the host system.
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of binary files and repository source code, creating a surface for indirect prompt injection attacks.
  - Ingestion points: Target binary files provided via the `--binary` flag in `scripts/security_suite.py`, and repository files scanned via the `--repo-root` flag in `scripts/prompt_redteam.py`.
  - Boundary markers: Absent. The skill does not wrap external data in delimiters or provide explicit instructions to the agent to ignore any embedded directives within the files being processed.
  - Capability inventory: Executing arbitrary binaries (`subprocess.Popen`), reading file contents (`Path.read_text`), and monitoring system processes and network connections (`ps`, `lsof`).
  - Sanitization: The script uses `shlex.quote` and list-based execution to prevent command injection at the shell level, but it does not sanitize or validate the behavior of the binaries it executes or the content it reads from the repository.
Audit Metadata