symlink-manager
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script file 'scripts/symlink_manager.py' contains a path traversal payload ('../../../scripts/symlink_manager.py') which is a malicious pattern used to attempt unauthorized access to files or directories outside of the intended scope.
- [COMMAND_EXECUTION]: The troubleshooting guide recommends modifying sensitive Windows Registry keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock) via the 'reg add' command. This bypasses security controls and lowers the overall security posture of the host system.
- [COMMAND_EXECUTION]: The skill workflow includes the automated execution of destructive Git commands ('git rm --cached -r .' and 'git reset --hard') which pose a significant risk of unintentional data loss if executed in an incorrect context or without prior user confirmation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the 'symlinks.json' manifest file. Evidence: 1. Ingestion point: The skill reads symlink definitions from an external JSON manifest; 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present; 3. Capability inventory: The skill performs file system creation (symlinks/junctions) and executes shell commands; 4. Sanitization: No validation or escaping of manifest content is described.
Recommendations
- AI detected serious security threats
Audit Metadata