converter
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The conversion script performs destructive file system operations by executing `rm -rf "$output_dir"` to implement clean-write semantics. If the output path is not properly validated or is influenced by malicious input, this could result in the unintended deletion of local directories accessible to the agent.
- [COMMAND_EXECUTION]: The resource copying process uses `rsync` with the `--copy-links` flag. This configuration instructs the tool to follow and resolve symbolic links. If a source skill directory contains malicious symlinks pointing to sensitive system files or directories, those files could be copied into the output directory, potentially leading to unauthorized data exposure.
Audit Metadata