portlang
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Documentation in reference/custom_tools.md contains an example Python tool (tools/calculator.py) that uses the eval() function to process input strings, which can be exploited for arbitrary code execution.
- [EXTERNAL_DOWNLOADS]: The framework automatically installs Python dependencies based on PEP 723 inline metadata in tool scripts and demonstrates fetching/running remote MCP packages using npx.
- [COMMAND_EXECUTION]: The framework is designed to execute arbitrary shell commands for task verification and tool implementation as defined in field.toml configurations.
- [DATA_EXFILTRATION]: As stated in reference/trajectory_analysis.md, the system records all agent interactions into local trajectory files in ~/.portlang/trajectories/, which may include sensitive data like API keys and credentials.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data enters the agent context via the re_observation primitive. The framework lacks explicit boundary markers or instructions to ignore embedded commands in these observations, and the agent possesses significant capabilities including shell command execution.
Audit Metadata