file_explorer
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🟡 VERDICT: MEDIUM
The skill's primary functionality is implemented in a Python script named explorer.py, as indicated by the usage examples (python skills/file_explorer/explorer.py). However, the content of this script was not provided for analysis. Without access to the source code of explorer.py, it is impossible to verify its behavior, making it an unverifiable dependency.
This lack of verifiability introduces a significant security risk. A malicious explorer.py script could potentially:
- Execute arbitrary commands on the system (COMMAND_EXECUTION).
- Read sensitive files and exfiltrate their contents to an external server (DATA_EXFILTRATION).
- Bypass the stated permission locks or access restrictions mentioned in the SKILL.md.
The SKILL.md itself contains no direct malicious patterns, prompt injections, or obfuscation. It explicitly states that "Alice has been permission-locked" and the skill "can only access files in the project root directory," and warns against accessing content outside this path. It also advises using --read for large files to prevent context overflow. While these are good intentions, they cannot be confirmed without auditing the explorer.py script.
Total Findings: 1
🟡 MEDIUM Findings:
• Unverifiable Dependency
- Lines 15, 18, 21: The skill relies on python skills/file_explorer/explorer.py, but the script's content is missing from the analysis. This prevents verification of its safety and behavior, creating a potential for arbitrary command execution and data exfiltration.
================================================================================