dotfiles-optimizer
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is explicitly designed to read and audit sensitive files, including SSH configurations (~/.ssh/config), git configurations, and environment files (.env). It uses specific regex patterns to detect and expose hardcoded credentials, API tokens, and private keys within these files. While the goal is security auditing, this constitutes high-privilege data access.
- [COMMAND_EXECUTION]: The orchestrator is capable of modifying critical shell profile files such as .zshrc and .bashrc. It also performs filesystem operations like 'chmod' to alter permissions and 'cp' to create backups. The '--apply' flag allows the agent to perform these modifications automatically, potentially executing changes without direct user review of the code being written.
- [PROMPT_INJECTION]: The skill presents a vulnerability to indirect prompt injection (Category 8) because it processes untrusted data from local dotfiles which could contain instructions intended to influence the agent's behavior. Evidence: 1. Ingestion points: Processes multiple user-controlled files like .zshrc and .gitconfig. 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard embedded commands. 3. Capability inventory: Uses 'Read' and 'Edit' tools and executes shell commands for file management. 4. Sanitization: No sanitization or validation of the ingested file content is performed before it is used to generate recommendations or edits.
Audit Metadata