peach-add-api
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a verification phase that executes shell commands including
bun test src/modules/[모듈명]/test/. The[모듈명]component is directly derived from user input without sanitization or validation. An attacker could provide a module name such aspayment; rm -rf /to perform unauthorized operations on the host system. - Evidence: Found in
SKILL.mdunder the## 검증 단계section:cd api && bun test src/modules/[모듈명]/test/.
Recommendations
- AI detected serious security threats
Audit Metadata