Skills
NYC
skills/hieutrtr/ai1-skills/pre-merge-checklist/Gen Agent Trust Hub

pre-merge-checklist

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): Python code injection vulnerability in scripts/accessibility-check.sh.
  • Evidence: The script executes a Python snippet via python3 -c that uses shell string interpolation: json.load(open('${PAGE_JSON}')).
  • Context: The variable ${PAGE_JSON} is constructed using the user-supplied --output-dir argument. A maliciously crafted directory name (e.g., containing single quotes and Python commands) can break out of the open() call and execute arbitrary Python code.
  • [EXTERNAL_DOWNLOADS] (LOW): Usage of npx for dynamic package execution.
  • Evidence: The scripts frequently invoke npx @axe-core/cli, npx playwright, npx eslint, and npx tsc.
  • Context: npx downloads and executes code from the npm registry at runtime if the package is not already cached or installed. While used for legitimate dev tools, it introduces a dependency on external, mutable code sources.
  • [COMMAND_EXECUTION] (LOW): Use of eval in the orchestration script.
  • Evidence: In scripts/run-all-checks.sh, the run_check function uses eval "$cmd" to execute the check logic.
  • Context: While the commands passed to eval are currently hardcoded within the script, the use of eval is a dangerous practice that can be exploited if the script logic is modified to include untrusted inputs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:08 PM