autonomous-agent-patterns

skills-sh:sickn33_antigravity-awesome-skills__autonomous-agent-patterns

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 6

Findings (6)

LOW

MCP code execution tool CMDEXEC_010

command-execution L199

Detects MCP tools that execute arbitrary code

"run_command"

FIX

Restrict code execution tools to specific languages and sandbox the runtime environment. Use a container or VM-based sandbox instead of running code directly on the host.

FP?

Likely FP if the MCP tool is a dedicated code runner (e.g., Jupyter kernel) with documented sandboxing and no network access.

LOW

MCP code execution tool CMDEXEC_010

command-execution L301

Detects MCP tools that execute arbitrary code

"run_command"

FIX

Restrict code execution tools to specific languages and sandbox the runtime environment. Use a container or VM-based sandbox instead of running code directly on the host.

FP?

Likely FP if the MCP tool is a dedicated code runner (e.g., Jupyter kernel) with documented sandboxing and no network access.

LOW

MCP code execution tool CMDEXEC_010

command-execution L347

Detects MCP tools that execute arbitrary code

"run_command"

FIX

Restrict code execution tools to specific languages and sandbox the runtime environment. Use a container or VM-based sandbox instead of running code directly on the host.

FP?

Likely FP if the MCP tool is a dedicated code runner (e.g., Jupyter kernel) with documented sandboxing and no network access.

LOW

Python subprocess execution CMDEXEC_003

command-execution L390

Detects Python subprocess and os.system calls for command execution in skill descriptions

subprocess.run(

FIX

Pass arguments as an explicit list instead of a shell string. Set shell=False and validate all user-supplied values before inclusion.

FP?

Likely FP if the match is in documentation explaining Python subprocess usage or in a description mentioning it as a topic.

LOW

Shell subprocess with shell=True CMDEXEC_001

command-execution L390

Detects subprocess calls with shell=True which enables shell injection

subprocess.run(
            command,
            shell=True

FIX

Replace shell=True with shell=False and pass command arguments as a list. Validate and sanitize all inputs before passing to the shell.

FP?

Likely FP if the match is in documentation describing how subprocess works, or in a comment explaining shell risks rather than actual code.

LOW

Shell subprocess with shell=True CMDEXEC_001

command-execution L392

Detects subprocess calls with shell=True which enables shell injection

shell=True

FIX

Replace shell=True with shell=False and pass command arguments as a list. Validate and sanitize all inputs before passing to the shell.

FP?

Likely FP if the match is in documentation describing how subprocess works, or in a comment explaining shell risks rather than actual code.