tool-design
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill advocates for the 'File System Agent Pattern' in both SKILL.md and references/architectural_reduction.md. This pattern suggests providing agents with a tool to execute arbitrary bash commands (e.g., execute_command) to interact with the system using Unix utilities like grep, cat, find, and ls.
- [DATA_EXFILTRATION]: By promoting direct file system access through shell commands, the skill encourages an architecture in which an agent could read sensitive files (such as .env or configuration files) if the execution environment is not strictly isolated.
- [COMMAND_EXECUTION]: The file references/architectural_reduction.md provides a code implementation pattern for a 'create_execute_tool' that uses sandbox.exec(command). While the documentation mentions sandboxing, granting an LLM access to a shell is a high-risk capability that can lead to unintended system manipulation.