deployment-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): Vulnerabilities in scripts/smoke-test.sh and scripts/health-check.sh allow arbitrary command execution. In scripts/smoke-test.sh, the BASE_URL variable is incorporated into a string that is executed via eval, enabling an attacker to escape single quotes and execute commands. In scripts/health-check.sh, the BASE_URL variable is used within double quotes inside command substitutions ($()), allowing for subshell execution. Evidence: scripts/smoke-test.sh line 58 and scripts/health-check.sh line 74.
- DATA_EXFILTRATION (LOW): Scripts transmit system status to external webhooks using the SLACK_WEBHOOK environment variable. While functional, this establishes a network egress path for event data.
- EXTERNAL_DOWNLOADS (SAFE): Documentation and scripts reference standard DevOps tools and platforms including Vercel, Railway, and Prisma. These are trusted industry standard tools for the described rollback and monitoring purposes.
Recommendations
- AI detected serious security threats
Audit Metadata