lazycat-dynamic-deploy
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in `references/manifest-render.md` provides examples where user-defined parameters (`.U.target`) are directly interpolated into `backend_launch_command` strings within the `lzc-manifest.yml`. This pattern is vulnerable to shell command injection if the user input contains shell metacharacters (e.g., `;`, `&&`, `|`), as there are no instructions provided for sanitization or escaping.
- [REMOTE_CODE_EXECUTION]: The `application.injects` feature described in `SKILL.md` and `references/injects.md` allows for the injection of JavaScript into application frontend pages. The specification explicitly supports `http(s)://` as a source for these scripts, enabling the execution of arbitrary remote code in the user's browser context.
- [EXTERNAL_DOWNLOADS]: The system is configured to fetch and execute scripts from external URLs via the `scripts[].src` field, which can point to untrusted remote domains.
- [PROMPT_INJECTION]: The skill processes untrusted user data from `lzc-deploy-params.yml` and interpolates it into critical configuration files (`lzc-manifest.yml`).
  - Ingestion points: User-provided values are ingested via the `lzc-deploy-params.yml` file and accessed through the `.U` template variable.
  - Boundary markers: None identified. The Go template syntax (`{{ ... }}`) is used directly without delimiters or instructions to ignore embedded malicious content.
  - Capability inventory: The rendered manifest can execute shell commands (`backend_launch_command`) and inject JS scripts.
  - Sanitization: There is no mention of input validation, escaping, or sanitization of user parameters before they are rendered into the final configuration.
Audit Metadata