ace-tool
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (MEDIUM): The index command (scripts/ace_cli.py) scans the local project and uploads code blobs to a user-defined ACE_API_URL. While it includes an EXCLUDE_PATTERNS list (scripts/templates.py) to avoid sensitive files like .env, the core functionality involves sending the codebase to an external service.
- PROMPT_INJECTION (LOW): The SKILL.md file contains instructions aimed at overriding the agent's tool selection logic ("IMPORTANT: Always use ace-tool BEFORE grep/find/glob"). Similarly, scripts/templates.py uses "⚠️ NO TOOLS ALLOWED ⚠️" to constrain the LLM's capabilities during prompt enhancement.
- PROMPT_INJECTION (LOW): The prompt enhancement feature (scripts/ace_cli.py) interpolates potentially untrusted user input into templates without sufficient sanitization, creating a surface for instructions within the input to influence the outcome.
- PROMPT_INJECTION (LOW): Several configuration templates (scripts/templates.py and scripts/.env.example) reference non-existent or future-dated model versions (e.g., 'gpt-5.2-codex', 'claude-sonnet-4-5-20250929'), which may be deceptive or lead to configuration errors.
Audit Metadata