ordina-panel-detail-page
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a script, scripts/scaffold_detail.py, meant for execution by the agent. It performs file system modifications, including directory creation and file writes, based on user-provided arguments.
- [REMOTE_CODE_EXECUTION]: The script generates Next.js and TypeScript source code using unsanitized string interpolation. This allows for code injection attacks where malicious logic can be embedded into the generated application code if the entity name or id-field parameters are manipulated.
- [COMMAND_EXECUTION]: The script is susceptible to path traversal. Since it does not sanitize the entity name used to construct file paths, an attacker could potentially overwrite files outside the targeted project directory using traversal sequences like '../'.
Audit Metadata