medusajs-developer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (HIGH): The script `scripts/dev-server.sh` is vulnerable to shell command injection. It constructs an `ARGS` string using unvalidated user input from CLI flags (`--host` and `--port`) and then executes it unquoted within the `npx medusa develop $ARGS` command. An attacker providing a value like `9000; malicious_command` could execute arbitrary code on the host system.
- DATA_EXPOSURE (MEDIUM): Several scripts, including `scripts/start-production.sh` and `scripts/setup-testing.sh`, automate the handling of sensitive `.env` files and environment variables. `start-production.sh` specifically copies `.env` to `.env.production`. Automated secret handling by an agent using these scripts poses a risk of credential exposure if the environment is not strictly isolated.
- EXTERNAL_DOWNLOADS (LOW): Scripts such as `scripts/setup-testing.sh` and `scripts/start-production.sh` perform `npm install` or use `npx` to download and execute code from the public npm registry at runtime. While standard for Node.js development, this introduces a dependency on external third-party infrastructure and code.
- INDIRECT_PROMPT_INJECTION (LOW): Scaffolding scripts (e.g., `scripts/create-api-route.sh`, `scripts/create-module.sh`) accept user-provided names for directory and file creation without sanitization. This creates a surface for path traversal where a malicious input could potentially overwrite sensitive files outside the project's intended directory structure.
  - Ingestion points: CLI arguments `$1` and `$2` in `scripts/create-api-route.sh`, `scripts/create-module.sh`, and `scripts/create-scheduled-job.sh`.
  - Boundary markers: None.
  - Capability inventory: Directory creation (`mkdir -p`), file writing (`cat >`), and file modification (`sed`).
  - Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata