nightshift
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/nightshift.sh` invokes the agent with the `--dangerously-skip-permissions` flag. This disables the security prompts that would normally allow a user to review and approve potentially harmful actions like file modifications or shell command execution.
- [COMMAND_EXECUTION]: The skill uses the `--dangerously-bypass-approvals-and-sandbox` flag when launching the `codex` reviewer agent. This removes standard security constraints and oversight, granting the sub-agent unrestricted access to the host system.
- [REMOTE_CODE_EXECUTION]: The autonomous loop is designed to ingest and act upon instructions found in `BUGS.md` and other specification files. These files represent an untrusted input surface; an attacker could embed malicious instructions (indirect prompt injection) which the agent would then execute with full system permissions due to the disabled safety flags.
- [PROMPT_INJECTION]: The skill lacks sanitization and boundary markers for the data it ingests from external files. It treats the contents of feature specifications and bug reports as trusted instructions, making it vulnerable to indirect prompt injection attacks that could drive the agent to perform unintended or malicious tasks.
Recommendations
- AI detected serious security threats
Audit Metadata