file-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill grants access to the Read, Grep, and Glob tools without restricting the file system scope. This allows the agent to access and expose sensitive local files, such as private SSH keys (~/.ssh/id_rsa), configuration files, or environment variables containing secrets, if requested or manipulated to do so.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes untrusted file content without any safety boundaries or sanitization logic.
  - Ingestion points: Untrusted text from the file system enters the agent context through the Read and Grep tools.
  - Boundary markers: Absent. There are no instructions to the agent to treat file content as data only or to ignore embedded instructions (e.g., using XML delimiters or specific system instructions).
  - Capability inventory: The agent has access to the Read, Grep, and Glob tools.
  - Sanitization: Absent. File content is processed directly for structure and dependency analysis, which could trigger malicious instructions hidden in code comments or documentation.
Recommendations
- AI detected serious security threats
Audit Metadata