create-text-file
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file operations by interpolating user-provided inputs directly into shell commands (cat, ls, wc). This creates a risk of command injection if the file_path parameter is not strictly sanitized by the execution environment.
- [COMMAND_EXECUTION]: The skill provides unrestricted file system write access. An attacker could use this capability to overwrite critical files (e.g., ~/.bashrc, ~/.ssh/authorized_keys, or /etc/passwd if running with sufficient privileges) to achieve persistence or modify system behavior.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data in the content parameter and writes it to the local filesystem.
- Ingestion points: The content and file_path parameters defined in SKILL.md are the primary entry points for untrusted data.
- Boundary markers: The implementation uses a shell heredoc (<< 'EOF'), which prevents shell variable expansion within the content during the write process, but it does not prevent the agent from being instructed to write malicious scripts or configuration changes.
- Capability inventory: The skill utilizes shell command execution via cat, ls, and wc to interact with the filesystem.
- Sanitization: No sanitization, path validation, or content filtering is implemented to restrict where files can be written or what they can contain.
Recommendations
- AI detected serious security threats
Audit Metadata