autonomous-agent-patterns
Audited by Socket on Feb 19, 2026
1 alert found:
Anomaly [Skill Scanner]: Destructive bash command detected (rm -rf, chmod 777)

All findings:
- [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill appears to be a legitimate design-patterns document and reference implementation for autonomous coding agents, not an overtly malicious package. However, it contains multiple powerful capabilities and risky flows that, if used without strict controls, enable credential leakage, arbitrary code execution, and data exfiltration. The most significant risk is the dynamic code generation and hot-loading (MCPAgent.create_tool), which can execute arbitrary LLM-produced code without validation, plus permissive file-read defaults and passing environment variables into subprocesses. Treat this code as potentially dangerous in untrusted environments: require explicit user approvals, stricter sandboxing, argument validation, environment scrubbing, code signing/analysis for generated code, and tighter permission defaults before deploying.

LLM verification: The code and documentation present functional patterns for building autonomous agents but also provide or reference powerful runtime tools (arbitrary file reads, writes, edits, and shell execution) without demonstrated safe defaults. There is a clear exfiltration path for local secrets to an LLM/provider and the potential for destructive operations if examples are implemented literally. Treat these patterns as high-risk unless mitigations are applied: enforce path and command whitelists, require
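The mitigations the findings above call for (path and command allowlists, environment scrubbing, and analysis of generated code before it is hot-loaded) are concrete enough to show in code. The following is an added example written for this page; it is not code from the autonomous-agent-patterns skill and does not reproduce its MCPAgent.create_tool implementation. The workspace root, the allowlists, the list of credential-like file names and the blocked-module denylist are all assumptions chosen for illustration.

```python
"""Added example: hardening the three risk flows named in the Socket findings
(arbitrary file reads, shell execution with the full environment, and hot-loading
LLM-generated code). Constructed illustration, not code from the
autonomous-agent-patterns skill; WORKSPACE and every allowlist below are assumptions."""
import ast
import os
import shlex
import subprocess
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Hypothetical workspace root: agent file and command tools are confined to it.
WORKSPACE = Path(tempfile.gettempdir()) / "agent-workspace"

# Credential-like file names refused even when they sit inside the workspace.
SENSITIVE_NAMES = {".env", "credentials", "id_rsa", ".netrc", ".npmrc"}

# Binaries the command tool may invoke; rm, chmod, curl and friends are simply absent.
ALLOWED_COMMANDS = {"ls", "cat", "grep", "git", "python3"}

# Environment variables a subprocess inherits; API keys and cloud secrets do not.
ENV_PASSTHROUGH = {"PATH", "HOME", "LANG", "TERM"}

# Modules and builtins that generated tool code may not touch without review.
BLOCKED_MODULES = {"os", "subprocess", "sys", "socket", "ctypes", "shutil", "importlib"}
BLOCKED_CALLS = {"exec", "eval", "compile", "open", "__import__"}


def safe_path(user_path: str, root: Path = WORKSPACE) -> Path:
    """Resolve user_path under root, refusing traversal, symlink escapes and
    credential-like names. An absolute input such as '/etc/passwd' is resolved
    as given, so it fails the containment check instead of being silently joined."""
    root = root.resolve()
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes workspace: {user_path}")
    if candidate.name in SENSITIVE_NAMES:
        raise PermissionError(f"refusing credential-like file: {user_path}")
    return candidate


def scrub_env(source: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Build a subprocess environment containing only allowlisted variables."""
    source = dict(os.environ) if source is None else source
    return {k: v for k, v in source.items() if k in ENV_PASSTHROUGH}


def validate_command(command: str) -> List[str]:
    """Parse without a shell and allowlist the binary; positional arguments are
    checked as workspace paths. Values embedded in flags (--output=/x) are not
    inspected here, so add per-command flag allowlists before relying on this."""
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    if os.path.basename(argv[0]) not in ALLOWED_COMMANDS:
        raise PermissionError(f"command not allowlisted: {argv[0]}")
    for arg in argv[1:]:
        if not arg.startswith("-"):
            safe_path(arg)  # raises on traversal or credential-like names
    return argv


def run_tool_command(command: str, timeout: int = 30) -> subprocess.CompletedProcess:
    """Run an allowlisted command as argv (never shell=True) with a scrubbed
    environment and the workspace as cwd."""
    argv = validate_command(command)
    WORKSPACE.mkdir(parents=True, exist_ok=True)
    return subprocess.run(argv, cwd=WORKSPACE, env=scrub_env(),
                          capture_output=True, text=True, timeout=timeout, check=False)


def review_generated_code(source: str) -> List[str]:
    """Static tripwire for LLM-generated tool code before any hot-loading.
    Returns the dangerous constructs found. An empty list means 'nothing obvious',
    not 'safe': a denylist is bypassable (getattr on builtins, encoded strings),
    so generated code still needs a real sandbox and an explicit human approval."""
    findings: List[str] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            findings += [f"import {a.name}" for a in node.names
                         if a.name.split(".")[0] in BLOCKED_MODULES]
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in BLOCKED_MODULES:
                findings.append(f"from {node.module} import ...")
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in BLOCKED_CALLS):
            findings.append(f"call to {node.func.id}()")
    return findings


if __name__ == "__main__":
    for cmd in ("ls -la", "cat ../../.aws/credentials", "rm -rf /", "cat .env"):
        try:
            print(cmd, "->", validate_command(cmd))
        except (PermissionError, ValueError) as exc:
            print(cmd, "-> refused:", exc)
    print(review_generated_code("import subprocess\nsubprocess.run(['id'])"))
```

The design choice worth noting is that none of these gates trusts string matching on the command text: the binary is allowlisted after shlex parsing, the arguments are resolved against the workspace root before the process starts, and the environment is rebuilt from an allowlist rather than having known secret names removed from a copy. The AST review is deliberately described as a tripwire; it catches the literal `import subprocess` an LLM tends to emit, but it is not a substitute for running generated code in a sandbox with an approval step.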