file-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes data from file systems that could contain malicious instructions.
  1. Ingestion points: SKILL.md Step 2 and Step 4 ingest filenames and metadata using 'ls', 'find', and 'file'.
  2. Boundary markers: Absent; there are no delimiters used to separate untrusted file data from the agent's instructions.
  3. Capability inventory: SKILL.md Step 6 involves file system modifications including 'mkdir' and 'mv'.
  4. Sanitization: Absent; the skill relies on manual user confirmation rather than automated sanitization or validation of the processed file names.
- [COMMAND_EXECUTION]: The skill executes shell commands such as 'find', 'ls', 'du', 'mkdir', and 'mv' to achieve its purpose. While these actions are central to the skill's functionality, they provide a surface for exploitation if the agent does not properly escape file names or paths that might contain shell metacharacters.
Audit Metadata