data-backup
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and runs a local bash script (backup_project.sh) using standard commands like tar, rsync, and gzip for file management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and "cleans" user-provided files (Jupyter notebooks, Markdown, CSV), which may contain malicious instructions that the agent could inadvertently follow during processing.
  - Ingestion points: Processes *.ipynb, *.md, *.csv, and project metadata files.
  - Boundary markers: No explicit delimiters are used to isolate untrusted file content from agent instructions.
  - Capability inventory: Performs file system operations including reading, writing, and executing shell commands.
  - Sanitization: Validation is limited to file structure and integrity rather than security-focused content filtering.
Audit Metadata