file-sync-management
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the MinIO Client (
mc) to perform file synchronization operations, specificallymirrorfor directories andcpfor single files. These commands are executed directly via shell access to manage storage states.\n- [DATA_EXFILTRATION]: This category is identified due to the movement of data between the local environment and a remote storage prefix defined by${HICLAW_STORAGE_PREFIX}. The skill accesses the/root/hiclaw-fs/path, which is a privileged directory, to ensure file consistency between the local worker environment and remote storage.\n- [PROMPT_INJECTION]: The skill contains a vulnerability surface for Indirect Prompt Injection (Category 8) because it pulls and reads files (such asresult.md) authored by external Workers using thecatcommand.\n - Ingestion points:
references/sync-guide.md(via reading synchronized files pulled from remote storage).\n - Boundary markers: Absent; there are no instructions provided to the agent to treat the synchronized file content as untrusted or to use delimiters.\n
- Capability inventory:
references/sync-guide.md(File system reads, MinIO synchronization, and shell command execution).\n - Sanitization: Absent; the skill does not include steps to validate or sanitize the content of the worker-provided files before the agent processes them.
Audit Metadata