file-intel
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script
scripts/process_files_with_gemini.pyvia the bash shell. Because the script's source code is not included in the skill definition, its security posture and actions on the local filesystem cannot be verified. - [COMMAND_EXECUTION]: The skill uses the
opencommand to automatically open output directories. While used here for user convenience, theopencommand can be used to execute arbitrary files if paths are manipulated. - [PROMPT_INJECTION]: The skill is designed to process and summarize content from untrusted external files (PDF, DOCX, XLSX, etc.). This creates a vulnerability to indirect prompt injection, where an attacker could embed malicious instructions within these files to hijack the agent's behavior during the processing phase.
- Ingestion points: Local folders and files processed by the script (SKILL.md).
- Boundary markers: No delimiters or ignore instructions are specified for the processed content (SKILL.md).
- Capability inventory: The agent has shell execution capabilities (python, open) (SKILL.md).
- Sanitization: No evidence of input validation or sanitization is provided (SKILL.md).
Audit Metadata