rclone
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation assets from rclone.org, which is the official domain for the well-known rclone utility.
- [REMOTE_CODE_EXECUTION]: Executes a remote shell script via curl piped to sudo bash to install the rclone utility, following the official software installation path.
- [COMMAND_EXECUTION]: Utilizes system commands and the rclone binary to perform file operations and configuration. This includes the use of sudo for installation tasks.
- [CREDENTIALS_UNSAFE]: Handles sensitive cloud provider credentials using placeholders in documentation to prevent accidental exposure during configuration.
- [PROMPT_INJECTION]: The skill processes untrusted output from remote file listings, creating a surface for indirect prompt injection. * Ingestion points: Output from rclone ls and rclone lsd in SKILL.md and scripts/check_setup.sh. * Boundary markers: None identified to isolate remote data from agent instructions. * Capability inventory: File system and network operations via rclone (copy, sync, config). * Sanitization: No explicit sanitization or validation of remote file names or metadata before processing.
Audit Metadata