chore(agents): Add security-review skill to agent configuration #973
Triggered via pull request on February 20, 2026 20:31
ericapisani opened #5498
Status: Success
Total duration: 25s
Artifacts: –
changelog-preview.yml
on: pull_request_target
changelog-preview / preview: 21s
Annotations: 5 warnings
Bash tool granted without clear justification in skill instructions:
.agents/skills/security-review/SKILL.md#L4
The skill grants Bash tool access but has no scripts directory and the SKILL.md instructions don't reference any CLI tools, linters, shell commands, or scripts that would require Bash execution. This violates the least privilege principle. Per permission-analysis.md, Bash is justified when 'Running bundled scripts, git/gh CLI, build tools' but unjustified when there are 'No scripts or CLI commands in instructions'.
[J23-EH8] Bash tool granted without clear justification in skill instructions (additional location):
warden.toml#L54
Path traversal prevention example can be bypassed with sibling directory names:
.agents/skills/security-review/references/file-security.md#L38
The `safe_join` function example uses `str(target).startswith(str(base))` to verify the resolved path is under the base directory. This check is flawed: if base is `/uploads` and an attacker crafts a path resolving to `/uploads_malicious/file`, the startswith check passes because `"/uploads_malicious".startswith("/uploads")` is `True`. Developers copying this security guidance may inadvertently introduce path traversal vulnerabilities.
[RVP-GBQ] Path traversal prevention example can be bypassed with sibling directory names (additional location):
.agents/skills/security-review/references/modern-threats.md#L373
[RVP-GBQ] Path traversal prevention example can be bypassed with sibling directory names (additional location):
.agents/skills/security-review/references/modern-threats.md#L334