state-directory-manager
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The `get_with_cache` function utilizes `eval "$command"` to execute a shell command string passed as an argument. This is a dangerous coding pattern that facilitates command injection if the command string is constructed using untrusted external input.
- [EXTERNAL_DOWNLOADS]: The skill provides examples of fetching remote data via `curl` from external domains. While intended as a placeholder, it encourages network operations within scripts that handle sensitive configuration.
- [COMMAND_EXECUTION]: Configuration management functions use `sed -i` and `grep` to modify and read local files. These operations lack input validation or escaping, creating a vulnerability surface if configuration keys or values are derived from untrusted sources.
Audit Metadata