bv
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The `.bv/hooks.yaml` configuration allows for the execution of arbitrary shell commands (e.g., `./scripts/validate.sh`, `./scripts/notify-slack.sh`). If this tool is used to analyze untrusted repositories, an attacker could place a malicious `.bv/hooks.yaml` in the codebase, leading to code execution when the agent runs the `bv` command.
- REMOTE_CODE_EXECUTION (HIGH): While the commands listed are local, the mechanism for executing scripts defined in configuration files that the agent is expected to process from a workspace constitutes a significant RCE vulnerability if the workspace content is attacker-controlled.
- DATA_EXFILTRATION (MEDIUM): The 'Key Resources' section exposes absolute local file paths (`/Users/mikhail/Downloads/...`). This reveals specific user information and directory structure, which can be used for reconnaissance in a more targeted attack.
- INDIRECT PROMPT INJECTION (HIGH): This skill is designed to ingest and analyze external codebase data (via `bv --workspace`). It lacks evidence of boundary markers or sanitization for untrusted data. Since the tool has the capability to write files (`--save-baseline`) and execute scripts (`hooks.yaml`), it has a high-severity attack surface for indirect prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata