openscad
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Argument injection vulnerability in
scripts/version-scad.sh. The ls command does not use the -- delimiter to separate options from arguments, allowing a model name starting with a hyphen to be interpreted as command-line flags.
- [COMMAND_EXECUTION]: Path traversal risk in scripts/version-scad.sh. The script does not sanitize the MODEL_NAME argument, which allows it to contain path components or wildcards that could be used to probe for the existence of files or list directory contents outside of the intended scope.
- [PROMPT_INJECTION]: Indirect prompt injection surface via tool output poisoning in scripts/version-scad.sh.
  - Ingestion points: User-controlled model name provided as an argument to the script.
  - Boundary markers: None present in the script or usage instructions.
  - Capability inventory: The skill allows the agent to execute Bash commands and write files, creating a risk if the agent uses a malicious filename generated by the script in a subsequent command.
  - Sanitization: No validation or escaping is performed on the input before it is used in shell commands or included in the script's output.
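As an added illustration, not the openscad skill's own script (which is not reproduced here), the following bash snippet shows the two argument-handling patterns the findings above describe: an ls call on an unvalidated, unquoted model name with no -- delimiter, beside a hardened form that validates the name against an allow-list, rejects a leading hyphen and path components, quotes it, and ends option parsing with --. The file layout, the function names and the sandbox files are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not the openscad skill's version-scad.sh. It reproduces the
# pattern the audit describes (ls on a user-supplied model name, no "--", no
# validation) and a hardened form. File names and function names are assumed.
set -u

# Hypothetical vulnerable form: the name is unquoted and no "--" is used, so
# a name such as "-d" becomes an ls option and "*.scad" or "../*" is expanded
# by the shell as a glob, listing files the caller did not intend to expose.
list_model_unsafe() {
    local model_name="$1"
    ls $model_name
}

# Allow-list validation for the hardened form (assumed policy):
# non-empty, no leading hyphen (never parsed as an option), no path separator,
# no "..", and only [A-Za-z0-9_.-] characters, which also excludes glob
# metacharacters such as "*", "?" and "[".
validate_model_name() {
    case "$1" in
        '' | -* | */* | *..*) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Hardened form: validate first, then quote the argument and terminate option
# parsing with "--" so that ls can only ever see it as a filename operand.
list_model_safe() {
    local model_name="$1"
    if ! validate_model_name "$model_name"; then
        printf 'rejected model name: %s\n' "$model_name" >&2
        return 2
    fi
    ls -- "$model_name"
}

# Constructed sandbox for the demonstration: a temp dir with two model files.
make_sandbox() {
    local dir
    dir="$(mktemp -d)"
    : > "$dir/gear.scad"
    : > "$dir/bracket.scad"
    printf '%s\n' "$dir"
}

# Runs both forms on the same inputs inside a subshell so the cwd change
# does not leak to the caller.
demo() (
    cd "$(make_sandbox)" || exit 1
    echo '# unsafe, name "-d": interpreted as an ls option, lists "."'
    list_model_unsafe '-d'
    echo '# unsafe, name "*.scad": glob expanded, lists every model'
    list_model_unsafe '*.scad'
    echo '# safe: the same inputs are rejected before ls runs'
    list_model_safe '-d' || true
    list_model_safe '*.scad' || true
    echo '# safe: a well-formed name is passed after "--" and quoted'
    list_model_safe 'gear.scad'
)

demo
```

The check and the -- delimiter are complementary: -- alone stops "-d" from being parsed as an option but does nothing about globs or "../" segments, and quoting alone stops glob expansion but still lets a leading hyphen through, so a script that takes a model name from an agent or user needs both the allow-list and the delimiter.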
Audit Metadata