tool-design
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill promotes an architectural pattern that grants agents direct access to the host file system via shell commands.\n
- Evidence: The 'File System Agent Pattern' suggests providing 'direct file system access through a single command execution tool' and using 'standard Unix utilities (grep, cat, find, ls)'.\n- [PROMPT_INJECTION]: The recommended architecture creates a surface for Indirect Prompt Injection through the processing of untrusted data from the file system.\n
- Ingestion points: File system content read using utilities like 'cat' or 'grep'.\n
- Boundary markers: The skill does not provide guidance on using delimiters to separate untrusted data from the agent's instructions.\n
- Capability inventory: The proposed pattern utilizes shell commands for broad system interaction.\n
- Sanitization: No explicit sanitization or input validation measures are described for the data processed by the agent.
Audit Metadata