file-organizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes various shell commands including 'ls', 'find', 'du', 'mkdir', and 'mv'. These are utilized to inspect directory structures and perform file operations. While powerful, these commands are directly aligned with the skill's primary function as a file organizer.
- [DATA_EXFILTRATION] (LOW): The skill is designed to access and analyze the contents of sensitive local directories, such as '~/Documents' and the 'home folder'. This constitutes data exposure (metadata), though no unauthorized external transmission (exfiltration) patterns were detected.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected.
- Ingestion points: Untrusted data enters the agent context through filenames and file type analysis results (via 'find -exec file') from the local file system.
- Boundary markers: Absent. There are no explicit instructions for the agent to ignore instructions embedded within filenames or file contents.
- Capability inventory: The skill has the capability to move, rename, and delete files ('mv', 'rm'), and create directories ('mkdir').
- Sanitization: Partial. The instruction examples use double quotes around paths, which provides basic shell escaping, but there is no explicit validation or sanitization logic for malicious filenames (e.g., those containing shell metacharacters).
Audit Metadata