newman
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/run-tests.sh` constructs a command string using the `$COLLECTION` and `$ENVIRONMENT` variables and executes it via `eval`. This enables shell command injection if an attacker provides a filename containing shell metacharacters (e.g., `;`, `&`, or backticks).
- [REMOTE_CODE_EXECUTION]: Postman collections processed by this skill can contain arbitrary JavaScript code in Pre-request and Test scripts. Newman executes this code at runtime, which means processing an untrusted collection leads to arbitrary code execution in the agent's environment.
- [EXTERNAL_DOWNLOADS]: The `scripts/install-newman.sh` script performs global or local installations of the `newman` and `newman-reporter-htmlextra` packages using the NPM registry.
- [DATA_EXFILTRATION]: The documentation in `references/advanced-patterns.md` provides code for a Slack reporter that uses `https.request` to send test results to external webhooks. This pattern demonstrates how data can be sent to remote endpoints outside the controlled environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted Postman collection files without sanitizing or validating the embedded logic.
  - Ingestion points: Postman collection (`.json`) and environment files provided by the user or external sources.
  - Boundary markers: None present to separate collection data from executable scripts.
  - Capability inventory: The skill possesses the ability to execute shell commands (`eval`) and perform network requests (via Newman's reporter logic).
  - Sanitization: No validation of embedded JavaScript content is performed.
Recommendations
- AI detected serious security threats
Audit Metadata