rename-files
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection.
- Ingestion points: Processes untrusted data from filenames and file content via OCR, text extraction, and vision analysis as described in the 'Process' section of SKILL.md.
- Boundary markers: There are no specified delimiters or instructions to treat the analyzed file content as untrusted data, creating a risk that the agent will obey instructions found within the files it is scanning.
- Capability inventory: The skill possesses file listing and file system modification (rename) capabilities across all identified scripts.
- Sanitization: While the skill removes problematic characters from filenames for OS compatibility, it does not sanitize content to prevent prompt injection or instructions from influencing the renaming logic.
Recommendations
- AI detected serious security threats
Audit Metadata