filesystem
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing a local binary named
filesystem. The installation process involves a manualchmod +xcommand to grant execution permissions to this file. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection.
- Ingestion points: File contents are ingested into the agent context via the
filesystem search --contentcommand (SKILL.md). - Boundary markers: The documentation does not mention the use of delimiters or 'ignore' instructions when presenting file content to the agent.
- Capability inventory: The skill has the capability to list, search, copy, and analyze files and directories across the filesystem.
- Sanitization: There is no evidence of content sanitization or escaping for data read from files before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The installation instructions reference external sources, including a GitHub repository and a custom registry called 'ClawdHub'.
Audit Metadata