file-operations
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill exposes high-impact system commands such as 'rm -rf' (recursive deletion), 'chmod' (permission modification), and 'chown' (ownership modification). These capabilities allow for total file system compromise if misused.
- [PROMPT_INJECTION] (HIGH): There is a significant risk of indirect prompt injection. The skill provides the ability to ingest untrusted data from the filesystem and perform destructive actions based on that data.
- Evidence:
  1. Ingestion points: Local filesystem content via 'cat', 'head', 'tail', 'find' (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: 'rm -rf', 'sed -i' (file modification), 'chmod', 'chown' (SKILL.md).
  4. Sanitization: Absent.
  An attacker could place malicious instructions inside a text file that the agent reads, leading the agent to execute 'rm -rf' or other destructive commands.
- [DATA_EXFILTRATION] (MEDIUM): The 'cat' and 'ls -la' commands enable unrestricted reading of sensitive configuration files (e.g., .env, .ssh/config) if the agent is directed to those paths.
Recommendations
- AI detected serious security threats
Audit Metadata