dotenvx
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions recommend piping scripts from https://dotenvx.sh and https://dotenvx.sh/install.sh directly to the shell. While this is the tool's documented install path, it bypasses the verification a package manager provides (pinned versions, checksums, signatures) and executes whatever the remote host serves at the moment of install, with the privileges of the installing user.
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands via 'dotenvx run -- <command>', which is the tool's primary feature: whatever follows '--' is executed with the loaded environment.
- [COMMAND_EXECUTION]: dotenvx supports command substitution (interpolation) within .env files using $(...) syntax. Any command embedded in a variable value is executed automatically when the file is loaded, without the user invoking it explicitly, so control over a .env file is equivalent to command execution as the user who loads it.
- [INDIRECT_PROMPT_INJECTION]: Because .env files are read and interpolated without validation, anyone who can write to a .env file that the tool loads can embed commands or instructions that the tool, and an agent relying on its output, will act on.
- Ingestion points: The tool reads .env files from local or specified paths as shown in the documentation.
- Boundary markers: None. The skill does not instruct the agent to validate or ignore instructions within variable values.
- Capability inventory: Extensive command execution capabilities via subprocess wrapping and shell interpolation.
- Sanitization: No mention of sanitizing or validating the content of the .env files before execution or retrieval.
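The two COMMAND_EXECUTION findings and the missing-sanitization finding above describe the same gap: nothing inspects a .env file before dotenvx interpolates it. The script below is an added example (not from the audit or from the dotenvx project) of a pre-flight gate a practitioner could put in front of 'dotenvx run'. It relies only on what the analysis states, that $(...) in a value is executed at load time and that 'dotenvx run -f FILE -- CMD' loads FILE; backticks are flagged as well, but whether dotenvx executes them is an assumption, not something the page states. The sample .env contents are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the audit page or the dotenvx project): a pre-flight
# gate that scans a .env file for command substitution before anything loads it.
# Assumed dotenvx facts: "dotenvx run -f FILE -- CMD" loads FILE, and "$(...)"
# inside a value is executed at load time (both stated in the analysis above).
# Backticks are flagged conservatively; that dotenvx executes them is an assumption.

# env_scan FILE: print every non-comment line containing "$(" or "`" to stderr.
# Returns 0 if the file is clean, 1 if anything suspect was found.
env_scan() {
  file="$1"
  found=0
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    # Strip leading whitespace so indented comments are still recognised.
    trimmed=${line#"${line%%[![:space:]]*}"}
    case "$trimmed" in
      '#'*|'') continue ;;
    esac
    # Quoting is ignored on purpose: a value is flagged whether it is bare,
    # single-quoted or double-quoted, so no quoting edge case slips through.
    case "$trimmed" in
      *'$('*|*'`'*)
        printf 'SUSPECT %s:%d: %s\n' "$file" "$n" "$trimmed" >&2
        found=1 ;;
    esac
  done < "$file"
  return "$found"
}

# safe_run FILE CMD...: refuse to hand FILE to dotenvx if env_scan rejects it.
safe_run() {
  envfile="$1"; shift
  if ! env_scan "$envfile"; then
    echo "refusing to load $envfile: command substitution found" >&2
    return 1
  fi
  command -v dotenvx >/dev/null 2>&1 || { echo "dotenvx not installed" >&2; return 127; }
  dotenvx run -f "$envfile" -- "$@"
}

# write_sample PATH KIND: write a constructed sample .env, KIND = clean|hostile.
# These contents are made up for the demonstration.
write_sample() {
  case "$2" in
    clean)
      printf '%s\n' '# ordinary settings' 'APP_NAME=demo' '  # indented comment' \
        'DATABASE_URL="postgres://app@localhost/my_database"' > "$1" ;;
    hostile)
      printf '%s\n' '# looks ordinary at a glance' 'APP_NAME=demo' \
        'DATABASE_URL="postgres://$(whoami)@localhost/my_database"' \
        'BUILD_TAG=`hostname`' > "$1" ;;
  esac
}

# Demo when run directly: scan both samples and report the verdict.
if [ -z "${ENV_SCAN_NO_DEMO:-}" ]; then
  clean=$(mktemp) && hostile=$(mktemp)
  write_sample "$clean" clean
  write_sample "$hostile" hostile
  env_scan "$clean" && echo "$clean: clean"
  env_scan "$hostile" || echo "$hostile: rejected"
  rm -f "$clean" "$hostile"
fi
```

The scanner deliberately errs on the side of rejection: it does not try to reproduce dotenvx's quoting rules, so a value like '$(whoami)' in single quotes is flagged even if dotenvx would leave it alone. Wrapping the real invocation in safe_run means a hostile file is never handed to 'dotenvx run' at all, which is the property the missing-sanitization finding asks for.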
Recommendations
- HIGH: Downloads and executes remote code from: https://dotenvx.sh, https://dotenvx.sh/install.sh - DO NOT USE without thorough review. If the tool is needed, download the install script to a file, read it, and only then execute it, or install through a package manager so that the version is pinned and verifiable; and treat every .env file the tool loads as executable input, reviewing it for $(...) before running 'dotenvx run'.
Audit Metadata