ln-502-regression-checker
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH. Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill's primary workflow involves reading docs/project/runbook.md and executing the commands found there. Because these commands are not sanitized or restricted to a predefined list, any arbitrary shell command inside that file will be executed by the agent's Bash tool.
- [REMOTE_CODE_EXECUTION] (HIGH): This pattern allows for remote code execution if the agent processes untrusted repositories. An attacker can place malicious code (e.g., credential theft or system modification) inside the runbook file, which the agent will then execute during the testing phase.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The diagram.html file includes a script tag that loads mermaid.min.js from cdn.jsdelivr.net. As this is an external third-party CDN not included in the trusted source list, it represents an unverified dependency.
- [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: docs/project/runbook.md (the source of truth for test commands).
- Boundary markers: Absent; the agent is instructed to trust and execute the file content directly.
- Capability inventory: Shell execution via Bash tool (as described in Phase 2 of the workflow).
- Sanitization: Absent; the skill explicitly prioritizes using raw file content over safety-oriented 'guessed' commands.
Recommendations
- AI detected serious security threats
Audit Metadata