file-organizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill utilizes several powerful shell commands (`find`, `mv`, `mkdir`, `du`) to manage the filesystem. These commands are constructed dynamically using variables representing file paths and names, which is a significant security risk if the input is not sanitized.
- [PROMPT_INJECTION] (HIGH): This skill exhibits a major Indirect Prompt Injection surface (Category 8).
  1. Ingestion points: The skill reads untrusted data (file names, types, and paths) directly from the user's filesystem using `ls -la` and `find` (SKILL.md, Instruction 2).
  2. Boundary markers: There are no delimiters or boundary markers used when processing these file names to distinguish data from instructions.
  3. Capability inventory: The skill has significant write capabilities including creating directories and moving/renaming files (`mkdir`, `mv`) across the system (SKILL.md, Instruction 6).
  4. Sanitization: The instructions lack any requirement to sanitize file names or paths. An attacker could place a file with a name containing shell metacharacters (e.g., `;`, `|`, `` ` ``) or escape sequences, which could cause the agent to execute unintended commands during the analysis or execution phases.
Recommendations
- AI detected serious security threats
Audit Metadata