artifact-management

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The read action in run.py is vulnerable to path traversal. The script joins the base directory _ARTIFACTS_DIR with a user-provided name argument without verifying that the resulting path remains within the intended directory. This allows an attacker to read sensitive files like ~/.ssh/id_rsa or .env using sequences like ../../.
  • [COMMAND_EXECUTION]: The create and delete actions in run.py allow for arbitrary file creation, modification, and deletion outside the artifacts folder via path traversal. An attacker could overwrite configuration files or delete critical system data by providing malicious name parameters.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by allowing untrusted data to be persisted and later retrieved.
    • Ingestion points: The content parameter of the create function in run.py accepts arbitrary input.
    • Boundary markers: None; the skill does not use delimiters or warnings to separate stored data from instructions when files are read.
    • Capability inventory: The skill includes file I/O operations and requests bash tool access in SKILL.md.
    • Sanitization: None; there is no validation or escaping of the content being stored or the file paths used.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 04:47 AM