media-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `ls`, `stat`, `mkdir`, `mv`, and `rm -rf` to manipulate files.
  * Evidence: `SKILL.md` Steps 2 and 3.
  * Risk: Filenames are interpolated into commands without explicit escaping instructions, potentially leading to command injection if filenames contain shell metacharacters.
- [PROMPT_INJECTION]: The skill processes filenames from the local filesystem to determine its logic, creating a surface for indirect prompt injection.
  * Ingestion points: `SKILL.md` Step 2.1 uses `ls -R` to read untrusted filenames.
  * Boundary markers: No delimiters or ignore instructions are used for filenames.
  * Capability inventory: Access to filesystem commands `mv` and `rm -rf`.
  * Sanitization: No instruction to sanitize or validate filenames before they are used in command generation.
Audit Metadata