remove-old-skills-from-workflow
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute 'rm -rf' on a file path constructed with a user-provided variable 'skill-name'. There is no instruction to validate or sanitize this input. A malicious user could provide a skill name containing path traversal sequences (e.g., '../../') to delete sensitive directories outside the intended workflow folder. While deletion is the primary purpose of the skill, the absence of safety constraints on the command execution makes it risky.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: The 'skill-name' variable is ingested from user input as described in SKILL.md.
  - Boundary markers: None are present in the provided command templates or instructions.
  - Capability inventory: Includes recursive file searching ('grep -r') and recursive force deletion ('rm -rf').
  - Sanitization: There is no mention of sanitizing the 'skill-name' to prevent characters like '..' or '*' from being used in the shell commands.
Audit Metadata