agent-builder
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The Level 0 template in 'scripts/init_agent.py' and the 'references/minimal-agent.py' implementation provide a 'bash' tool that executes arbitrary shell commands via 'subprocess.run(shell=True)' without any input validation or safety filtering.
- [COMMAND_EXECUTION]: The Level 1 template and 'references/tool-templates.py' implement a basic string-matching blacklist for 'dangerous' commands. This security control is insufficient as it can be easily bypassed by using command substitution, alternative shell syntax, or environment variables.
- [DATA_EXFILTRATION]: The file-handling tools in 'references/minimal-agent.py' lack directory traversal protections. An agent could be manipulated into reading or writing sensitive files outside the intended workspace by using '../' sequences in file paths.
- [REMOTE_CODE_EXECUTION]: The unconstrained 'bash' tool included in multiple templates allows the system to download and execute arbitrary external scripts (e.g., via 'curl | bash'), creating a direct path for remote code execution from untrusted inputs.
Recommendations
- AI detected serious security threats
Audit Metadata