manage-dotfiles

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Command Execution] (HIGH): The skill instructs the agent to execute shell commands like 'stow' and 'mv' using variables derived directly from user input (e.g., '{package}'). There is no instruction to validate or sanitize these inputs, which could allow an attacker to inject arbitrary shell commands.
  • [Indirect Prompt Injection] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data (file paths and names) and has high-privilege write and execute capabilities.
      1. Ingestion points: User-provided file paths for 'Importing Configurations' in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: 'stow', 'mv', and 'mkdir' commands in SKILL.md.
      4. Sanitization: Absent; no validation of input strings is performed before their use in shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:38 PM