finding-files
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of Markdown documentation and does not contain any executable scripts, binaries, or automated configuration files.
- COMMAND_EXECUTION (LOW): The documentation facilitates arbitrary command execution by teaching the agent to use the
-xand-Xflags of thefdutility, as well as piping output toxargsandrmfor batch operations. While these are legitimate features of the tool, they allow the agent to perform destructive or arbitrary actions on the host system. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and act upon data from the file system (filenames and paths).
- Ingestion points: File and directory names returned by
fdsearch results. - Boundary markers: No specific delimiters or warnings are provided to the agent to treat search results as untrusted data.
- Capability inventory: Includes the ability to delete files (
rm), perform batch text replacements (sd), and execute arbitrary shell commands (-x,xargs). - Sanitization: The instructions lack guidance on sanitizing, validating, or escaping file paths before they are used in commands or logic.
- DATA_EXFILTRATION (LOW): The skill provides instructions for discovering hidden files (
-H) and bypassing.gitignorerules (-I), which increases the risk of the agent discovering and potentially exposing sensitive data like environment variables, private keys, or configuration secrets.
Audit Metadata