windows-explorer-advanced
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (tags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of PowerShell commands to manage the file system, including 'Get-ChildItem', 'Get-Item', and 'Clear-RecycleBin'.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the file system (filenames, file paths, and metadata) and incorporates it into the agent's context. An attacker could place a file with a malicious name to influence agent behavior.
  - Ingestion points: Reads filenames and shortcut targets from '$env:APPDATA\Microsoft\Windows\Recent' and '$env:USERPROFILE'.
  - Boundary markers: No specific delimiters are used to separate file metadata from instructions in the prompt snippets.
  - Capability inventory: Includes file system enumeration, file property reading, and the ability to empty the Recycle Bin.
  - Sanitization: No evidence of sanitization or escaping of filenames before they are processed by the agent.
- [DATA_EXPOSURE]: The skill accesses the Windows 'Recent' folder ('$env:APPDATA\Microsoft\Windows\Recent'), which exposes user activity history and frequently accessed file paths.
- [DESTRUCTIVE_OPERATIONS]: The skill includes a command to empty the Recycle Bin ('Clear-RecycleBin -Force'). This is mitigated by an explicit safety rule requiring Human-In-The-Loop (HITL) confirmation before execution.