cost-calculator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The README.md instructs the execution of 'sudo apt-get install -y bc jq'. This pattern encourages high-privilege system modifications that an AI agent might perform automatically, bypassing security boundaries.
- Unverifiable Dependencies (MEDIUM): README.md suggests 'pip install yq' without version pinning. This practice exposes the environment to untrusted external code and potential supply-chain attacks from the public PyPI repository.
- Indirect Prompt Injection (LOW): The scripts process external inputs like '--model-size' and '--requests-per-day'. While current scripts have low capabilities (local calculation only), the lack of universal input validation across all parameters creates an attack surface for data-driven influence.
- Command Execution (LOW): The scripts utilize shell pipes to pass variables into 'bc' and 'jq'. Although shell quoting is used effectively, the reliance on subprocesses for core logic increases the technical attack surface compared to native code execution.
Recommendations
- AI detected serious security threats
Audit Metadata