sast-brakeman
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires installing the brakeman gem from a public registry at runtime in SKILL.md. This involves downloading and executing third-party code without version pinning, lockfiles, or integrity verification.
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external content from the codebases it scans in SKILL.md. Evidence Chain:
  1. Ingestion points: The agent parses findings in brakeman-results.json which are derived directly from the application's source code.
  2. Boundary markers: None are defined to separate the tool's output from the agent's instructions.
  3. Capability inventory: The skill allows subprocess execution (brakeman) and file access.
  4. Sanitization: There is no evidence of sanitization or validation of the scan results.
  A malicious codebase could include comments or strings specifically designed to trick the agent into misreporting findings or performing unauthorized actions during the summarization phase.
- [Command Execution] (MEDIUM): The skill executes shell commands using variable path parameters (brakeman -p <path>) in SKILL.md. This presents a risk of command injection if the agent does not strictly validate the provided path input.
Recommendations
- AI detected serious security threats