finder
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The script `finder_cli.sh` executes system commands (`ls`, `open`, `stat`, `file`) using a user-supplied `path` parameter. This grants the AI agent broad capability to interact with the host filesystem.
- [DATA_EXFILTRATION]: The skill allows the agent to list any directory and retrieve metadata for any file on the system. Due to the lack of path validation or sandboxing, the agent can be used to explore sensitive areas of the disk, such as `.ssh` directories or configuration files containing secrets.
- [COMMAND_EXECUTION]: The use of the macOS `open` utility is potentially unsafe as it can be used to launch URLs in addition to opening files. This could be leveraged to force the host system to open malicious websites if the `path` parameter is manipulated into a URL.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted file names that are returned to the agent.
  - Ingestion points: Directory listings generated in `finder_cli.sh`.
  - Boundary markers: None. The output is structured as JSON but the content within fields is not delimited or sanitized.
  - Capability inventory: File system access and metadata retrieval across `finder_cli.sh`.
  - Sanitization: None. The `awk` script performs manual string concatenation to build JSON, which does not escape special characters like quotes in file names.