update-text-file
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands (
find,cat) by interpolating parameters directly into a shell environment without input sanitization or path validation. - [DATA_EXFILTRATION]: The
cat {{FILE_PATH}}command allows the agent to read any file on the system that it has permissions for. Since thefile_pathis user-provided and unrestricted, this could lead to the exposure of sensitive files such as SSH keys, AWS credentials, or environment variables. - [COMMAND_EXECUTION]: The use of heredoc redirection (
cat > {{FILE_PATH}} << 'EOF') allows the skill to overwrite arbitrary files. This capability could be used to modify critical system configurations, shell profiles (e.g., .bashrc) for persistence, or other sensitive files if an attacker provides a malicious path. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes content from external files and untrusted user input without sanitization or protective boundary markers.
- Ingestion points: The
file_pathandnew_contentparameters, as well as the content of the file displayed viacat. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the procedure.
- Capability inventory: The skill has the ability to read and write arbitrary files on the system using shell commands.
- Sanitization: No validation or filtering of file paths or content is performed before execution.
Audit Metadata