feature-orchestrator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The script scripts/check-file-size.sh runs shell commands on a caller-supplied file path taken from $1. Every expansion of the path is double-quoted, so shell metacharacters in it are not interpreted: a name such as $(id).txt is opened as a file, not executed, and the path never reaches eval or sh -c. What the script lacks is validation of the path itself: it accepts an empty argument, a path beginning with "-", a directory or a FIFO, and echo "$FILE" treats a path such as "-n" as an option rather than text. An agent tricked into passing an attacker-chosen path can therefore make the script read any file its user can read, or block on a special file, but cannot execute commands through the script. The command-injection exposure is at the call site: if the agent builds the invocation by pasting the untrusted path into a command string for a shell instead of passing it as a single argument, the quoting inside the script does not protect it.
  - Evidence (scripts/check-file-size.sh): FILE=$1, LINE_COUNT=$(wc -l < "$FILE"), and FILE_TYPE=$(echo "$FILE" | sed 's/.*\.//').
- [COMMAND_EXECUTION] (MEDIUM): The script scripts/validate-increment.sh runs arbitrary code defined in the local project's package.json via npm run. This is standard for development, but it is a risk when the agent works in an untrusted repository whose package.json scripts have been tampered with: npm run also executes the matching pre and post lifecycle scripts (for example pretest before npm test), and it puts node_modules/.bin first on PATH, so the lint, type-check and test binaries themselves come from the repository's dependencies.
  - Evidence (scripts/validate-increment.sh): calls to npm run lint, npm run type-check, and npm test.
- [PROMPT_INJECTION] (MEDIUM): The template resources/gap-analysis-template.md suggests shell command patterns such as grep "[keyword]". If the agent fills these placeholders with untrusted data from a user or a document (indirect prompt injection) and then hands the resulting line to a shell, a keyword containing a double quote closes the pattern and the rest of the keyword runs as commands on the agent's host, and a keyword or path beginning with "-" is parsed as a grep option.
  - Ingestion points: template placeholders such as [keyword] and [file-path] in resources/gap-analysis-template.md and resources/increment-checklist-template.md.
  - Boundary markers: none present in the templates to distinguish instructions from data.
- Capability inventory: subprocess execution via wc, sed, grep, and npm.
- Sanitization: none detected. The scripts and templates contain no logic to validate or escape user-provided strings before they reach a shell context.
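A hardened rewrite of the check-file-size.sh pattern from the first finding, added here as an example; it is not the project's script. It keeps the quoted redirection, replaces the echo | sed pipeline with parameter expansion on the basename (so a dot in a directory name no longer leaks into the result, and echo never sees a leading dash), and adds the path validation the finding says is missing. The function names, the accepted-file policy (readable regular files only, no leading dash) and the demo files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the project's scripts/check-file-size.sh): a hardened
# version of FILE=$1 / wc -l < "$FILE" / echo "$FILE" | sed 's/.*\.//'.
# Function names and the accepted-file policy are assumptions.

# validate_path: refuse anything that is not a readable regular file.
# Quoting already stops word splitting and globbing; validation is what the
# original lacks (empty argument, leading "-", directories, FIFOs, devices).
validate_path() {
  path=$1
  [ -n "$path" ] || { printf 'usage: check_file_size <file>\n' >&2; return 2; }
  case "$path" in
    -*) printf 'refusing path that starts with "-": %s\n' "$path" >&2; return 2 ;;
  esac
  [ -f "$path" ] || { printf 'not a regular file: %s\n' "$path" >&2; return 2; }
  [ -r "$path" ] || { printf 'not readable: %s\n' "$path" >&2; return 2; }
}

# file_extension: like the original sed, but on the basename only, so
# "src/dir.d/Makefile" yields "" rather than "d/Makefile". Parameter expansion
# avoids the sed subprocess and echo's option parsing (echo "-n" prints
# nothing; printf '%s' prints the text). Dotfiles count as having no extension.
file_extension() {
  base=${1##*/}
  case "$base" in
    .*|*.) printf '\n' ;;
    *.*)   printf '%s\n' "${base##*.}" ;;
    *)     printf '\n' ;;
  esac
}

# line_count: the path is a redirection target, never an argument, so wc
# cannot mistake it for an option. tr strips the padding BSD wc prints.
# Like the original, this counts newlines, so a file without a trailing
# newline reports one line fewer.
line_count() {
  wc -l < "$1" | tr -d ' '
}

# check_file_size: prints "lines=<n> type=<ext>" for an accepted path,
# returns 2 without output for a rejected one.
check_file_size() {
  validate_path "$1" || return 2
  printf 'lines=%s type=%s\n' "$(line_count "$1")" "$(file_extension "$1")"
}

# Demo on constructed input: a benign file and one whose name contains shell
# metacharacters. Because the name is only ever a quoted argument and a
# redirection target, nothing in it is executed.
demo() {
  dir=$(mktemp -d)
  printf 'one\ntwo\nthree\n' > "$dir/notes.md"
  printf 'x\n' > "$dir/\$(touch pwned).sh"
  check_file_size "$dir/notes.md"                        # lines=3 type=md
  check_file_size "$dir/\$(touch pwned).sh"               # lines=1 type=sh
  check_file_size "$dir" || echo "rejected: directory (status $?)"
  check_file_size "-n"   || echo "rejected: leading dash (status $?)"
  [ -e pwned ] && echo "BUG: the file name was executed"
  rm -rf "$dir"
}
demo
```

The validation lives in the script because the script cannot know how it will be called; the call site still has to pass the path as one argument (bash scripts/check-file-size.sh "$path"), not as text spliced into a command string for sh -c.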
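The grep "[keyword]" step from the prompt-injection finding, done the unsafe way and the safe way; this is an added example, not code from the project's templates. unsafe_grep assumes the agent fills in the placeholder and passes the whole line to sh -c, which is what a template line with no instruction/data boundary invites; safe_grep passes keyword and path to grep as separate arguments so no shell re-parses them. The function names, the sample file and the payload (which only runs echo) are constructed.

```shell
#!/bin/sh
# Added example (not from the project's templates): the same grep step done
# two ways. Function names, sample input and the payload are constructed.

# VULNERABLE: keyword and path are spliced into a string that a shell
# re-parses, so a keyword containing a double quote ends the pattern early
# and the rest of it runs as commands. Shown for contrast; do not use.
unsafe_grep() {
  sh -c "grep \"$1\" \"$2\""
}

# HARDENED: -e takes the keyword even when it starts with "-", -F makes it a
# literal string rather than a regex, and -- ends option parsing before the
# path. Both values stay single argv entries; nothing is re-parsed.
# Exit status: 0 on match or no match, non-zero only on a real grep error.
safe_grep() {
  grep -F -n -e "$1" -- "$2" || [ $? -eq 1 ]
}

# Demo on constructed input. The payload closes grep's quoted pattern, gives
# the truncated grep /dev/null so it does not wait on stdin, runs a harmless
# echo, and ends with ':' so the leftover '"" "<file>"' is swallowed as args.
demo() {
  dir=$(mktemp -d)
  printf 'alpha\nbeta x\ngamma\n' > "$dir/notes.txt"
  payload='x" /dev/null; echo INJECTED; : "'
  echo "unsafe_grep:"; unsafe_grep "$payload" "$dir/notes.txt"   # prints INJECTED
  echo "safe_grep:";   safe_grep "$payload" "$dir/notes.txt"     # prints nothing
  safe_grep 'beta' "$dir/notes.txt"                              # 2:beta x
  safe_grep '--help' "$dir/notes.txt"                            # literal text, no match
  rm -rf "$dir"
}
demo
```

The same rule covers the [file-path] placeholder: a path that starts with "-" is harmless after --, and a path containing quotes or $( ) is harmless as long as it is an argument rather than part of a command string.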
Audit Metadata