workflow-canvas

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/test-workflow.sh uses an unquoted heredoc (<<EOF) to generate a temporary Python script. In Bash, an unquoted heredoc delimiter causes the shell to perform variable expansion and command substitution on the heredoc body before it is written to the file. An attacker-controlled WORKFLOW_NAME containing a command substitution (e.g., $(id)) would result in arbitrary command execution on the host system during the file generation process.
  • REMOTE_CODE_EXECUTION (HIGH): Even if the shell expansion is avoided, the Python script generated by scripts/test-workflow.sh uses getattr(workflow_module, '$workflow_name'), where $workflow_name is an unsanitized string. This allows Python-level code injection by breaking out of the string literal in the generated Python file (e.g., using '); import os; os.system('... as the workflow name).
  • COMMAND_EXECUTION (MEDIUM): In scripts/generate-workflow.sh, the script uses sed with a pipe delimiter (|) to perform string replacement for the BROKER_URL and BACKEND_URL variables. If these variables contain the delimiter character or other sed metacharacters, it can lead to argument injection or unexpected file modifications.
  • SAFE (BEST_PRACTICE): The templates provided in templates/group-parallel.py include synchronous calls to .get() within tasks. While not a direct security exploit, this is a dangerous Celery anti-pattern that can lead to distributed deadlocks and resource exhaustion.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:48 PM