grey-haven-testing-strategy

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/run_tests.py is vulnerable to shell command injection. It uses subprocess.run(cmd, shell=True) with a command string constructed by interpolating the env variable (derived from the --env command-line argument). Because this argument is not validated or sanitized, an attacker can provide a string such as test; <malicious_command> to execute arbitrary code on the host system.
  • EXTERNAL_DOWNLOADS (LOW): The SKILL.md file recommends installing the Doppler CLI using Homebrew (brew install dopplerhq/cli/doppler). While Doppler is a legitimate secret-management service, the instruction to download and install external binaries increases the environment's attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:32 PM