tart-gui-automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The harness script 'scripts/tart_vm_harness.py' executes host-level commands including 'tart' for VM lifecycle management, 'ipconfig' for network discovery, and 'osascript' to programmatically control host applications like Screen Sharing.
- [CREDENTIALS_UNSAFE]: The script contains hardcoded default credentials ('admin' / 'admin') which are used for automated SSH discovery and guest authentication.
- [EXTERNAL_DOWNLOADS]: The Python script uses PEP 723 inline metadata to download and install several dependencies at runtime, including 'paramiko', 'vncdotool', 'Pillow', and 'pyyaml'.
- [REMOTE_CODE_EXECUTION]: The 'exec' command functionality allows for the execution of arbitrary shell commands within the guest VM environment via the 'tart exec' agent or SSH fallback.
Audit Metadata