agent-interact

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: pywebview/window.py is vulnerable to command injection. The show_notification function builds an AppleScript command with f-strings from the message and title parameters provided in dialog requests. Because these inputs are not sanitized, a malicious payload (e.g., one containing double quotes and the do shell script command) can break out of the string context and execute arbitrary shell commands on the host system.
  • [COMMAND_EXECUTION]: The script tool.js makes extensive use of child_process.spawn and child_process.execSync to manage its environment. This includes starting the Express backend, invoking Python for window management, and executing build scripts like npm run build.
  • [EXTERNAL_DOWNLOADS]: During installation or updates, tool.js triggers npm install in multiple directories, which downloads third-party packages from the public NPM registry.
  • [COMMAND_EXECUTION]: The skill launches pywebview/window.py as a detached subprocess to manage native system windows, as seen in the startPywebview function in tool.js.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 07:34 PM