sabnzbd
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `add` function in `scripts/sab-api.sh` is vulnerable to code injection. It interpolates the user-provided URL directly into a `python3 -c` command string using bash variable expansion: `python3 -c "import urllib.parse; print(urllib.parse.quote('$url', safe=''))"`. An attacker can provide a URL containing a single quote followed by Python code to execute arbitrary commands with the permissions of the agent process.
- [CREDENTIALS_UNSAFE]: In `scripts/sab-api.sh`, the `api_call` function appends the `SAB_API_KEY` directly to the URL as a query parameter (`apikey=${SAB_API_KEY}`). This is an insecure practice because query parameters are often recorded in cleartext in server logs, proxy logs, and shell history.
- [DATA_EXFILTRATION]: The `add-file` command in `scripts/sab-api.sh` uses `curl -F "nzbfile=@$filepath"`. The `@` prefix instructs `curl` to read the file at the specified path. If a user or a malicious indirect source tricks the agent into providing a path to sensitive files (such as `~/.ssh/id_rsa` or `.env`), the content of those files will be sent to the configured SABnzbd server.
- [PROMPT_INJECTION]: The `SKILL.md` file contains aggressive instruction hijacking language ("⚠️ MANDATORY SKILL INVOCATION ⚠️") intended to override the agent's decision-making process and force the use of the skill regardless of the agent's safety or operational assessments.
Recommendations
- AI detected serious security threats
Audit Metadata