file-watcher

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE)
Full Analysis
  • [NO_CODE]: The skill references a script, scripts/watch-files.mjs, which is not included in the provided file list.
  • [COMMAND_EXECUTION]: The documentation describes a mechanism that uses child_process.execSync to run the claude CLI by interpolating a {{file}} placeholder. This pattern is vulnerable to command injection if a file is created or renamed with shell metacharacters (e.g., ; rm -rf /).
  • [PROMPT_INJECTION]: The skill implements an automated file watcher that passes file content to an AI model, creating a surface for indirect prompt injection.
      • Ingestion points: Any file added or modified within the directory monitored by the watcher.
      • Boundary markers: No boundary markers or 'ignore' instructions are mentioned to prevent the model from obeying instructions found inside the watched files.
      • Capability inventory: The skill executes commands via child_process.execSync and interacts with the claude CLI.
      • Sanitization: The documentation does not specify any sanitization, escaping, or validation of the file paths or content before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 08:04 PM