qa-test-planner
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The scripts 'scripts/create_bug_report.sh' (line 34) and 'scripts/generate_test_cases.sh' (line 30) use the 'eval' command to assign user-provided input to variables within the 'prompt_input' function. This allows an attacker to execute arbitrary commands by providing input containing shell metacharacters like semicolons, backticks, or dollar-sign parentheses (e.g., 'title"; touch pwned; #').\n- DATA_EXPOSURE (LOW): The bug report and test case templates ('references/bug_report_templates.md', 'references/test_case_templates.md') encourage users to include system environment details, console logs, and network errors. These data sources frequently contain sensitive information such as PII, session tokens, or internal IP addresses that should be sanitized before submission.
Recommendations
- AI detected serious security threats
Audit Metadata