session-management
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): Vulnerability in
scripts/configure-sessions.shdue to unsafe variable evaluation. - Evidence: The function
prompt_configuseseval "$var_name=\"${input:-$default}\"". Theinputvariable is read directly from the user and subsequently evaluated by the shell without sanitization. - Impact: This allows for shell injection. An attacker (or a malicious prompt influencing an AI agent) can supply input containing shell metacharacters (e.g., backticks or
$()) to execute arbitrary code with the same privileges as the user running the script. - Mitigation: User input should never be passed to
eval. Use direct variable assignment or indirect variable references if necessary, and strictly validate all inputs.
Recommendations
- AI detected serious security threats
Audit Metadata