<< Back to security report
Commit9c68210 →
VerdictFAIL
Score40
DateMay 20, 2026
| Severity | Rule | Message | File:Line |
|---|---|---|---|
| HIGH | javascript.lang.security.detect-child-process.detect-child-process | Detected calls to child_process from a function argument `pipeline`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. | technicalpickles/pickled-claude-plugins/unpark-8d07bd0d/plugins/buildkite/skills/investigating-builds/scripts/find-commit-builds.js:74 → |
| HIGH | javascript.lang.security.detect-child-process.detect-child-process | Detected calls to child_process from a function argument `build`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. | technicalpickles/pickled-claude-plugins/unpark-8d07bd0d/plugins/buildkite/skills/investigating-builds/scripts/get-build-logs.js:40 → |
| HIGH | javascript.lang.security.detect-child-process.detect-child-process | Detected calls to child_process from a function argument `org`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. | technicalpickles/pickled-claude-plugins/unpark-8d07bd0d/plugins/buildkite/skills/investigating-builds/scripts/get-build-logs.js:40 → |
| HIGH | javascript.lang.security.detect-child-process.detect-child-process | Detected calls to child_process from a function argument `pipeline`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. | technicalpickles/pickled-claude-plugins/unpark-8d07bd0d/plugins/buildkite/skills/investigating-builds/scripts/get-build-logs.js:40 → |