magnit-vms-cli-non-interactive
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to compile a local Go project (`go build ./cmd/magnit`) and execute the resulting binary. This runtime compilation and execution pattern is a security risk if the source code is unverified.
- [CREDENTIALS_UNSAFE] (LOW): The instructions suggest passing passwords as command-line arguments (`--password '<password>'`). This practice can expose secrets in process lists and shell history. Although a safer stdin method is mentioned, the inclusion of the unsafe method is a finding.