file-organizer-skill

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill has a high-risk surface for Indirect Prompt Injection (Category 8): it ingests untrusted data and has write capabilities.
  • Ingestion points: The script scripts/organize.py reads file names and directory structures via os.listdir() and os.walk(). The undo function additionally reads path data from an external JSON history file.
  • Boundary markers: Absent. There are no delimiters or instructions that would stop the agent or the script from treating filenames or history data as instructions.
  • Capability inventory: The skill has direct file system write capabilities: moving files (shutil.move), creating directories (os.makedirs), and deleting files (os.remove).
  • Sanitization: The script uses standard path joining, but os.path.join does not confine a path (an absolute component discards everything before it), and the undo function does not verify that paths read from the history JSON resolve inside the intended directory. An attacker-controlled history file can therefore move or overwrite arbitrary files anywhere on the filesystem.
  • [COMMAND_EXECUTION] (MEDIUM): The skill is designed to perform recursive file system modifications. While it does not call external shell commands via subprocesses, the programmatic move and delete operations pose a similar risk if the target directory or history file is manipulated by an adversary.
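The undo finding above is easiest to see with code. The following is an added illustration written for this report, not the audited skill's scripts/organize.py: the history format (a JSON list of {"src", "dst"} records), the function names, and the constructed fixture are all assumptions. It places the trusting replay pattern the audit describes beside a version that confines every path to the organized directory with os.path.realpath and os.path.commonpath, and shows how one planted history entry turns shutil.move into an arbitrary file overwrite outside that directory.

```python
"""Added example (not the audited skill's code): replaying a JSON move history
without and with path confinement. History format and names are assumptions."""
import json
import os
import shutil
import tempfile


def is_within(root, path):
    """True if `path` resolves inside `root` after '..' and symlinks are resolved."""
    root_real = os.path.realpath(root)
    path_real = os.path.realpath(path)
    try:
        return os.path.commonpath([root_real, path_real]) == root_real
    except ValueError:  # paths on different drives (Windows)
        return False


def undo_unsafe(history_path):
    """Replays the history verbatim: every src/dst string is trusted (the flagged pattern)."""
    with open(history_path) as f:
        history = json.load(f)
    for entry in reversed(history):
        shutil.move(entry["dst"], entry["src"])


def undo_safe(history_path, root):
    """Replays only entries whose src and dst both resolve inside `root`."""
    with open(history_path) as f:
        history = json.load(f)
    applied, rejected = [], []
    for entry in reversed(history):
        src, dst = entry.get("src"), entry.get("dst")
        ok = (isinstance(src, str) and isinstance(dst, str)
              and is_within(root, src) and is_within(root, dst)
              and not os.path.lexists(src))  # never clobber an existing target
        if ok:
            shutil.move(dst, src)
            applied.append(entry)
        else:
            rejected.append(entry)
    return applied, rejected


def build_scenario():
    """Constructed fixture: an organized tree, a file outside it, and a history
    file holding one genuine move plus one attacker-planted entry."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "organized")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "report.txt"), "w") as f:
        f.write("report")
    with open(os.path.join(root, "docs", "payload.txt"), "w") as f:
        f.write("payload")
    outside = os.path.join(base, "config.ini")  # lives outside `root`
    with open(outside, "w") as f:
        f.write("original")
    history = [
        {"src": os.path.join(root, "report.txt"),
         "dst": os.path.join(root, "docs", "report.txt")},
        # planted entry: "undoing" it moves payload.txt over config.ini
        {"src": outside,
         "dst": os.path.join(root, "docs", "payload.txt")},
    ]
    hist = os.path.join(root, ".organize_history.json")
    with open(hist, "w") as f:
        json.dump(history, f)
    return base, root, hist, outside


def demo_unsafe():
    """Returns the content of the outside file after a trusting undo."""
    base, _root, hist, outside = build_scenario()
    undo_unsafe(hist)
    with open(outside) as f:
        content = f.read()  # "payload": config.ini was overwritten
    shutil.rmtree(base, ignore_errors=True)
    return content


def demo_safe():
    """Returns (applied, rejected, outside content, legit entry restored)."""
    base, root, hist, outside = build_scenario()
    applied, rejected = undo_safe(hist, root)
    with open(outside) as f:
        content = f.read()  # "original": the planted entry was refused
    restored = os.path.exists(os.path.join(root, "report.txt"))
    shutil.rmtree(base, ignore_errors=True)
    return len(applied), len(rejected), content, restored
```

The confinement check resolves both sides of every move before comparing, so a history entry cannot escape the directory with `..`, an absolute path, or a symlink planted inside the tree; the lexists guard additionally stops an entry from overwriting a file that already exists at the restore location.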
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 14, 2026, 02:13 PM