password-recovery
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill utilizes
python3 -cto execute dynamically constructed Python code. It provides templates with placeholders like<file>and<pattern>. If an agent interpolates untrusted or unescaped strings into these placeholders, it could lead to command injection or arbitrary code execution within the Python sub-process. - [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted external data (disk images and binary files) which could contain malicious payloads targeting the agent's parsing logic.
- Ingestion points: Python
open().read()and shellstrings/grepoperations on external files. - Boundary markers: None. The skill does not implement delimiters or 'ignore' instructions for the data it processes.
- Capability inventory: File system read access, shell utility execution, and Python interpretation.
- Sanitization: None. The skill relies on standard utilities without input validation.
- [Data Exposure] (LOW): By design, the skill searches for passwords and sensitive fragments. While this is the primary purpose (forensics), it provides a functional template for identifying sensitive data within accessible files. It does not, however, target specific system-level secret paths like SSH keys or environmental configs.
Audit Metadata