control-metalayer-loop

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: Multiple template scripts designed to be installed into target repositories (including check.sh, smoke.sh, test.sh, web_e2e.sh, and cli_e2e.sh) use the eval command to execute content provided via environment variables such as CONTROL_CHECK_CMD and CONTROL_TEST_CMD. This enables arbitrary shell command execution if these variables are influenced by untrusted sources.
  • [COMMAND_EXECUTION]: The scripts/control_wizard.py tool uses subprocess.run to execute bash scripts (bootstrap_control.sh and audit_control.sh) for repository setup and compliance auditing.
  • [COMMAND_EXECUTION]: The skill implements persistence and execution control by modifying the local Git configuration (core.hooksPath) via scripts/control/install_hooks.sh. This redirects standard Git hooks to a skill-managed directory (.githooks), ensuring specific scripts run during Git operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 07:14 AM