portpilot-assistant
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The script scripts/run_portpilot.sh includes the command npx -y portpilot-cli@1 as a fallback. This automatically downloads and executes code from the public NPM registry at runtime, which bypasses local integrity checks and allows for potential Remote Code Execution from an untrusted external source.
- Privilege Escalation (HIGH): The SKILL.md and references/safety-policy.md files instruct the agent to proactively request require_escalated permissions and set a reusable prefix_rule for the node command. This 'Permission bootstrap' is designed to persist elevated privileges and suppress future security confirmations for the CLI tool for the remainder of the session.
- Data Exposure & Exfiltration (LOW): The skill accesses sensitive local system state, including process IDs (PIDs), command lines, and current working directories of running processes. It also maintains a state directory in the user's home folder (~/.portpilot), involving direct filesystem access.
- Dynamic Execution (LOW): The skill dynamically resolves absolute paths to its bundled JavaScript CLI scripts and executes them using the node runtime via shell scripts, which is a common but powerful capability that increases the skill's attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata