eld-record
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
DATA_EXFILTRATION
PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Path traversal vulnerability in scripts/validate_claims.py. The script extracts file paths from untrusted claim text via regular expressions and resolves them against the project root using pathlib.Path. Because pathlib allows absolute paths or directory traversal sequences (e.g., ../../) to override the base path, a malicious claims file can be used to confirm the existence and compute the SHA256 hash of sensitive files on the host system (e.g., /etc/passwd or SSH keys) that the user has permission to read.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of external data.
- Ingestion points: The script scripts/validate_claims.py processes claim data from JSON files or standard input, which could originate from untrusted sources.
- Boundary markers: Absent. There are no explicit delimiters or instructions to the agent to ignore potentially malicious commands embedded in the processed claims.
- Capability inventory: The skill includes scripts for file system metadata scanning and file content reading for hashing purposes.
- Sanitization: Absent. The script does not validate that paths extracted from claims remain within the intended project directory.
Audit Metadata