generating-compliance-reports
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/generate_report.pycontains agenerate_scriptmethod that dynamically assembles a bash script from a user-provided template string and saves it to a file. - Evidence: Line 72 in
scripts/generate_report.pydefinesgenerate_script(self, name: str, template: str). This method is accessible via the CLI using the--type scriptargument combined with--content. - [COMMAND_EXECUTION]: The
generate_scriptmethod inscripts/generate_report.pyexplicitly grants execution permissions to the newly created script. - Evidence: Line 90 in
scripts/generate_report.pyexecutesfile_path.chmod(0o755), which marks the generated file as executable by any user. - [COMMAND_EXECUTION]: Risk of Indirect Prompt Injection during codebase scanning.
- Ingestion points: The skill instructions in
SKILL.md(Step 3) direct the agent to scan the codebase for security evidence. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided for the data being scanned.
- Capability inventory: The skill includes
scripts/generate_report.pywhich can generate andchmod +xscripts. TheSKILL.mdalso allowsBashaccess with specific prefixes. - Sanitization: There is no evidence of sanitization or validation in
scripts/generate_report.pywhen handling thecontentargument, which could contain data retrieved from the scanned codebase.
Audit Metadata