fs25-fs-utils

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from an external source (github.com/scfmod/fs-utils) that is not on the trusted vendors list.
  • [REMOTE_CODE_EXECUTION]: The skill builds and runs executable code from the cloned repository using 'cargo build' and 'cargo run'. This allows for the execution of code defined in the external repository.
  • [COMMAND_EXECUTION]: The skill uses shell commands including 'git clone', 'cargo build', and 'cargo run' to install and operate the utility tools.
  • [PROMPT_INJECTION]: The skill processes untrusted external data such as game scripts (Luau/LuaJIT) and XML files (SKILL.md). Ingesting these files creates an indirect prompt injection surface if the agent parses and follows instructions embedded within the decompiled output or extracted data. Capability inventory includes subprocess calls via cargo run. No explicit boundary markers or sanitization logic is provided in the skill instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 12:43 PM