filesystem
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and usage examples for the
Bashtool to perform directory operations such as listing files (ls), creating directories (mkdir), and moving/renaming files (mv). These commands are standard for file management and are presented within the context of the skill's primary purpose. - [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it is designed to read and search arbitrary file content from the local filesystem (ingestion points:
Read,Grep, andGlobtools described inSKILL.md). There are no specific boundary markers or content sanitization methods defined to prevent the agent from obeying instructions hidden within files. The inventory of capabilities includes file writing, editing, and bash command execution, which are consistent with the intended functionality of a file management utility. Given the primary purpose of the skill, the associated risk is considered low.
Audit Metadata