file-intel-skill

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute a shell command using a folder path directly provided by the user: python scripts/process_files_with_gemini.py <folder_path>. This pattern is vulnerable to command injection if the user provides a path containing shell metacharacters such as semicolons, backticks, or pipes (e.g., inbox/; rm -rf /).
  • [PROMPT_INJECTION]: The skill processes content from various untrusted file formats (PDF, DOCX, XLSX, etc.) to generate summaries, creating a surface for indirect prompt injection.
  • Ingestion points: Any file within the user-specified folder processed in SKILL.md.
  • Boundary markers: No delimiters or instructions are provided to the agent to distinguish between the skill's instructions and the content of the files being processed.
  • Capability inventory: Execution of a local Python script via bash subprocess call.
  • Sanitization: The instructions do not specify any validation or sanitization of file content prior to processing by the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 03:37 PM