analytics-tracking
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses directory traversal characters (
../../../) to reference a file outside its own directory structure. This technique is often used to trick an AI agent into loading instructions from unauthorized locations, bypassing the intended security boundaries of the skill environment. - [DATA_EXFILTRATION]: By attempting to access paths relative to the root filesystem rather than the local skill directory, the skill demonstrates a pattern of unauthorized file access. This could lead to the exposure of sensitive data or the unintended retrieval of files from the host system.
Audit Metadata