django-extensions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill provides the command `python manage.py print_settings DATABASE*` and `AUTH*`. In Django, these settings keys typically contain plaintext database passwords, secret keys, and authentication provider credentials. Exposing these to the agent's output context constitutes a high-risk credential leak.
- [REMOTE_CODE_EXECUTION] (HIGH): The command `python manage.py runscript <script_name>` allows the execution of arbitrary Python files located in a `scripts/` directory. If an attacker can influence the file system or if the agent is tricked into running a malicious script via prompt injection, this results in full remote code execution within the application context.
- [COMMAND_EXECUTION] (HIGH): The skill grants access to `shell_plus` and `runserver_plus`. `shell_plus` is an interactive Python environment with all models pre-loaded, allowing for direct database manipulation and arbitrary Python execution. `runserver_plus` includes the Werkzeug debugger, which is known to be exploitable for RCE if not properly restricted.
- [DATA_EXFILTRATION] (MEDIUM): Multiple commands such as `show_urls`, `list_model_info`, and `sqldiff` facilitate deep reconnaissance of the application's internal structure, API surface, and database schema. While intended for development, this information is highly valuable for an attacker seeking to map the environment for further exploitation.
Recommendations
- AI detected serious security threats
Audit Metadata