filesystem
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool for potentially destructive operations, such as 'rm -r' for recursive directory deletion and 'chmod' for modifying file permissions. These commands are executed without a sandbox, posing a risk to the host system if the agent is misled.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes file contents using the 'Read' and 'Grep' tools without implementing boundary markers or sanitization logic.
  - Ingestion points: File contents are read into the agent's context through the 'Read' and 'Grep' tools as described in SKILL.md.
  - Boundary markers: No specific delimiters or instructions are provided to help the agent distinguish between its own instructions and potentially malicious commands embedded within the files it processes.
  - Capability inventory: The agent possesses high-impact capabilities including file writing ('Write', 'Edit'), deletion ('rm'), and permission changes ('chmod'), which could be triggered by instructions found in user-controlled files.
  - Sanitization: The skill does not mention any methods for validating, filtering, or escaping file content before it is processed by the language model.
Audit Metadata