code-quality-audit

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution from Untrusted Sources (CRITICAL): The skill contains multiple instances of downloading and piping shell scripts directly into the shell (e.g., curl | sh) from raw.githubusercontent.com. Specifically, the installation scripts for trivy and gitleaks originate from organizations (aquasecurity and gitleaks) that are NOT on the [TRUST-SCOPE-RULE] whitelist. Piped execution is an extremely high-risk pattern that allows for arbitrary code execution during the tool setup phase.
    • Evidence found in:
      • references/operations/drupal-security.md (Trivy and Gitleaks installation)
      • references/operations/nextjs-security.md (Trivy and Gitleaks installation)
      • references/operations/nextjs-setup.md (Trivy and Gitleaks installation)
  • Indirect Prompt Injection (HIGH): This skill is designed to audit local codebases (Drupal and Next.js). It ingests untrusted data (the code being audited) and has highly exploitable capabilities including arbitrary command execution (ddev exec, npm install, npx), file modification (writing configurations), and network operations. An attacker could place malicious instructions inside a project file (e.g., a comment in a .php or .ts file) that triggers the agent to execute malicious commands or exfiltrate data during the audit process.
    • Ingestion points: scripts/drupal/solid-check.sh (grep/phpstan), scripts/nextjs/lint-check.sh (eslint).
    • Capability inventory: Full subprocess execution via ddev, npm, and npx; file system writes for reports and configs.
    • Sanitization: No evidence of sanitization for ingested file content before being processed by the agent.
  • Command Execution & Privilege Escalation (HIGH): The skill frequently executes system commands that modify the host environment. The installation scripts for security tools attempt to write to /usr/local/bin, which typically requires root/sudo privileges. The skill also performs automated package installations (ddev composer require, npm install) which can execute arbitrary lifecycle scripts from the downloaded packages.
  • Dynamic Code Generation (MEDIUM): The skill dynamically generates configuration files such as rector.php, phpstan.neon, and GitHub Actions workflows (github-drupal.yml) based on environment detection. While a standard feature, this provides a secondary vector for the agent to create executable content based on potentially manipulated environment variables or project structures.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh, https://raw.githubusercontent.com/gitleaks/gitleaks/master/scripts/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 11:57 PM