gentleman-e2e
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [Privilege Escalation] (HIGH): The Dockerfile pattern (Pattern 2) includes an instruction to modify '/etc/sudoers' ('echo "testuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers'), which grants the test user unrestricted root access without a password. This finding is downgraded to MEDIUM in the final verdict due to its context within a Docker-based E2E testing suite.
- [Command Execution] (MEDIUM): The skill repeatedly uses 'chmod +x' on local files ('gentleman-dots', 'e2e_test.sh') before executing them. These scripts perform file system modifications and shell environment changes.
- [Indirect Prompt Injection] (LOW): The skill is designed to process external test scripts and configurations.
  - Ingestion points: Files located at 'e2e/e2e_test.sh' and 'e2e/Dockerfile.*'.
  - Boundary markers: Absent; the content of these files is interpreted directly by the shell/Docker.
  - Capability inventory: File system access ('rm -rf', 'mkdir'), root privileges ('sudo'), and binary execution ('gentleman-dots').
  - Sanitization: None; the skill assumes all content in the 'installer/e2e/' directory is trusted.