file-manager
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages powerful Bash utilities such as find, mv, rm, zip, and tar for file system manipulation. While these are necessary for a file manager, the inclusion of destructive commands like rm -rf and the find -exec pattern necessitates high trust in the agent's interpretation of user commands.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it processes untrusted data from the local file system.
- Ingestion points: The skill retrieves file names and paths using find, ls, glob, and grep tools within the user's home directory.
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat file system metadata as untrusted content.
- Capability inventory: The skill is granted access to the Bash, Write, and Read tools, allowing for significant file system changes based on processed data.
- Sanitization: Although the bash snippets use standard shell quoting for variables, there is no robust sanitization to prevent the agent from being influenced by malicious instructions or shell-breaking characters embedded in file names.
Audit Metadata