file-management
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides specific shell command templates for agents to compute CRC32 checksums of local files using Python and to interact with the Spuree API via curl. These are legitimate utility functions required for the skill's file-integrity verification and API communication workflows.
- [PROMPT_INJECTION]: The skill ingests and processes file and folder metadata from the Spuree API, which acts as a surface for indirect prompt injection.
- Ingestion points: External metadata (such as file names and folder structures) enters the agent's context through the /v1/search and /v1/files/{fileId} endpoints.
- Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from interpreting instructions that might be embedded in file names.
- Capability inventory: The skill allows for network operations (curl) and local shell execution (python3 for checksums).
- Sanitization: There is no explicit requirement or instruction to sanitize or escape metadata retrieved from the API before display or further processing.