ac-rules-expert
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Dynamic Execution (MEDIUM): The skill documents the use of safe_exec() for evaluating Python-based filters in references/core-components.md. This creates a runtime environment for executing user-defined scripts, which is a high-risk surface for potential sandbox escapes or resource exhaustion.
- Data Exposure & Exfiltration (MEDIUM): In references/core-components.md and references/rule-evaluation.md, multiple code snippets demonstrate building SQL queries via f-strings with direct variable interpolation (e.g., WHERE parent = '{user}'). These patterns are susceptible to SQL injection if the variables are not strictly sanitized, potentially allowing attackers to bypass access controls or exfiltrate database content.
- Privilege Escalation (MEDIUM): The 'Query Filters Report' described in references/debugging-reports.md includes an impersonate_user capability. This feature allows a user to trigger backend logic in the context of another user, which could be abused to perform reconnaissance on administrative accounts or bypass record-level permissions.
Audit Metadata