dotfiles
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The `SKILL.md` file recommends installing the 'chezmoi' tool using the command `sh -c "$(curl -fsLS get.chezmoi.io)"`. This pattern downloads and executes a script directly from the internet, which is a significant security risk as the remote content is not verified before execution.
- [DATA_EXFILTRATION] (HIGH): The `scripts/dotfiles-sync.sh` script automatically copies sensitive configuration files, including `~/.ssh/config` and `~/.gitconfig`, into a local repository and performs a `git commit`. This process lacks sanitization or filtering, creating a high risk that sensitive SSH host details or Git credentials could be accidentally pushed to a public remote repository.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The bootstrap script in `SKILL.md` and the installation instructions in `references/dotfiles-guide.md` include `git clone` operations from unverified GitHub URLs. Applying configuration files from untrusted external sources can lead to unauthorized system modifications.
- [COMMAND_EXECUTION] (MEDIUM): Multiple files (`scripts/dotfiles-backup.sh`, `scripts/dotfiles-sync.sh`, and `SKILL.md`) contain shell scripts that execute potentially dangerous system commands such as `cp`, `mkdir`, `stow`, and `git` on user directories without explicit safety checks.
- [PROMPT_INJECTION] (LOW): The skill demonstrates an Indirect Prompt Injection surface (Category 8). It ingests untrusted data by reading various shell configuration files (`.bashrc`, `.zshrc`) into the agent's context and possesses capabilities for file writing and command execution. There are no boundary markers or sanitization logic present to prevent embedded instructions within these dotfiles from influencing the agent's behavior.
Recommendations
- AI detected serious security threats