Skills
skills/athola/claude-night-market/file-analysis/Gen Agent Trust Hub

file-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell command substitutions like $(find ...) in Step 3 without proper quoting. If the workspace contains filenames with spaces, shell metacharacters, or leading dashes, these commands may fail or result in unexpected argument parsing by the wc utility.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted file system data (Category 8).
  • Ingestion points: Workspace directory structure and filenames processed across all steps (Step 1-4).
  • Boundary markers: None identified to separate file system data from the agent's instructions.
  • Capability inventory: Executes Bash commands (find, wc, grep, tree) with file system access.
  • Sanitization: None. The instructions do not use safe handling practices like -print0 for find or double-quoting for variable/command substitutions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 12:32 PM