env-patch
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line tools like
curlto fetch external JavaScript files and web resources. This is a core part of its functionality to download target SDKs and bytecode for local analysis. - [REMOTE_CODE_EXECUTION]: The skill is designed to execute untrusted JavaScript code within a Node.js environment. It uses
requireand thevmmodule to load and run scripts. Additionally, it implements runtime hooks forevaland theFunctionconstructor to intercept and modify code behavior (e.g., stripping anti-debugging logic) before execution. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external, potentially attacker-controlled JavaScript. Instructions or patterns within the analyzed code could be reflected in the diagnostic reports generated by the engine, potentially influencing the agent's logic during the environment patching process.
- Ingestion points: Analyzed JavaScript files located in the
source/directory and the diagnostic reports generated byenv_core.jsinscripts/env_core.js. - Boundary markers: No explicit delimiters or instructions to ignore content within the diagnostic reports were found.
- Capability inventory: The skill possesses file system access, dynamic execution capabilities via
vmandrequire, and the ability to perform network requests viacurl. - Sanitization: There is no evidence of sanitization or filtering of the diagnostic logs before they are presented to the agent for analysis.
Audit Metadata