Skills
skills/besoeasy/open-skills/file-tracker/Gen Agent Trust Hub

file-tracker

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill captures file contents during write, edit, and delete operations and stores snippets (up to 5000 characters) in a local SQLite database at ~/.file_tracker/changes.db. This behavior results in local data exposure of potentially sensitive file contents modified by the agent.
  • [COMMAND_EXECUTION]: The skill performs direct filesystem operations including reading, writing, and deleting files via the os and pathlib modules in Python and the fs module in Node.js.
  • [PROMPT_INJECTION]: The skill processes untrusted file content and stores it for future retrieval, creating a surface for indirect prompt injection.
  • Ingestion points: File reading logic in tracked_edit, tracked_delete, and the FileChangeTracker context manager.
  • Boundary markers: None present in the database storage or prompt templates.
  • Capability inventory: Filesystem read/write/delete permissions and SQLite database query capabilities.
  • Sanitization: Content is truncated to 5000 characters but no input validation or instruction-filtering is applied.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:36 AM