sysml-v2-guide-validator
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- External Downloads & Remote Code Execution (HIGH): The script scripts/setup_official_validator.sh clones a repository from an untrusted source (https://github.com/LnYo-Cly/sysmlv2-validator) and immediately executes mvn package. This build process is an attack vector that allows the remote repository to execute arbitrary code on the user's machine via Maven plugins during the initialization and packaging phases.
- Command Execution (HIGH): The skill generates and executes a shell wrapper (assets/official-validator/validate-sysml) that runs a JAR file produced from the untrusted build process. This involves the execution of an unverifiable binary with full user permissions.
- Indirect Prompt Injection (LOW): The skill is intended to process user-provided SysML v2 models and text snippets, creating a surface for indirect prompt injection if malicious instructions are embedded in the data.
- Ingestion points: scripts/sysmlv2_validate.py (via --stdin, --text, or file paths).
- Boundary markers: absent (no delimiters or explicit warnings are used to isolate user data from instructions).
- Capability inventory: subprocess execution of shell commands and Java binaries (assets/official-validator/validate-sysml).
- Sanitization: absent (no sanitization or filtering logic was detected in the provided scripts to handle untrusted input).
Recommendations
- AI detected serious security threats
Audit Metadata