r2-storage-manager
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script scripts/check-env.sh accesses the sensitive file .env.local to verify configuration.
  - Evidence: The script uses grep to check for the presence of R2_ACCESS_KEY_ID and R2_SECRET_ACCESS_KEY.
  - While intended for environment validation, accessing local secret files is a sensitive operation.
- [COMMAND_EXECUTION]: The skill defines commands to execute shell and Node.js scripts.
  - Evidence: SKILL.md references ./.agent/skills/r2-storage-manager/scripts/check-env.sh and node ./.agent/skills/r2-storage-manager/scripts/list-bucket.mjs.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection via R2 bucket contents.
  - Ingestion points: Data retrieved from the R2 bucket through the list-bucket-summary action (scripts/list-bucket.mjs).
  - Boundary markers: No delimiters or instructions are provided to separate bucket metadata from agent logic.
  - Capability inventory: The skill can execute system commands (scripts/check-env.sh) and access local files (scripts/check-env.sh).
  - Sanitization: There is no evidence of sanitization for bucket object summaries.
Audit Metadata