figshare-data-download
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/figshare_data_download.pyutilizessubprocess.runto execute the system-levelopencommand. This is used to launch the default web browser with a URL provided via theurlargument. While standard for macOS browser automation, executing system commands with user-controlled input presents a minor risk of command misuse. - [DATA_EXFILTRATION]: The skill performs file system operations that involve reading from the
~/Downloadsdirectory and writing to an arbitrary path specified by the--outputparameter. This functionality allows the script to relocate files from a sensitive user directory to other locations on the system. There is no verification that the file being moved is indeed the one downloaded from Figshare beyond basic name matching and timestamp checks. - [INDIRECT_PROMPT_INJECTION]: The skill processes external URLs and interacts with local file metadata, creating a surface for indirect prompt injection.
- Ingestion points: The
urlargument inscripts/figshare_data_download.pyand the resulting files in the downloads directory. - Boundary markers: None identified in the script or prompt instructions.
- Capability inventory: File write access (
shutil.copy2) and subprocess execution (subprocess.run) inscripts/figshare_data_download.py. - Sanitization: The script lacks sanitization for the input URL or the filenames it processes from the file system.
Audit Metadata