file-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides functional code snippets for file system operations including creation, deletion, and moving of files. While these are intended for the skill's primary purpose, they grant the agent significant local capabilities.
- [PROMPT_INJECTION] (LOW): Detection of Indirect Prompt Injection surface (Category 8).
- Ingestion points: File names and directory structures are read via
Path(directory).iterdir()in the Python example. - Boundary markers: Absent; the script does not include delimiters or warnings to ignore instructions embedded in file names.
- Capability inventory: File renaming (
file.rename) and movement (mv) are capable of altering state based on input data. - Sanitization: Absent; the
batch_renamefunction uses direct string replacement which does not sanitize for control characters or shell meta-characters.
Audit Metadata