coding-guidelines-verify

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill parses and executes arbitrary shell commands defined in AGENTS.md files located within the codebase. This is a severe Indirect Prompt Injection vulnerability (Category 8), as it treats untrusted project files as a source of executable instructions.
    • Ingestion points: AGENTS.md files discovered in any directory.
    • Boundary markers: None identified; the skill explicitly follows instructions in the parsed block.
    • Capability inventory: Full shell command execution via the `commands` fields in the codex-guidelines block.
    • Sanitization: None; the skill is intended to run provided command strings as-is.
  • [COMMAND_EXECUTION] (CRITICAL): The schema in references/verifiable-block.md explicitly allows arbitrary command strings for format, lint, and test tasks. An attacker could provide a malicious AGENTS.md containing commands to exfiltrate credentials, access sensitive files (e.g., ~/.ssh/id_rsa), or install persistent backdoors.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 04:03 AM