upload-file

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [Prompt Injection] (MEDIUM): The skill contains instructions that explicitly override standard agent safety behaviors. Evidence: The instruction 'Never say "file already exists". Always write them fresh' forces the agent to ignore file existence checks, potentially allowing an attacker to overwrite sensitive project files via path manipulation.
  • [Data Exfiltration] (MEDIUM): Step 1 uses a template variable to construct a file path for the 'Read' tool. This presents a path traversal risk if the variable is derived from untrusted input, potentially exposing sensitive files.
  • [Indirect Prompt Injection] (MEDIUM): The skill possesses a direct ingestion surface for untrusted data that influences file creation. Ingestion points: User-specified file types, destination paths, and test content requirements. Boundary markers: Absent; there are no instructions to delimit user input from the script templates. Capability inventory: Access to the 'Write' tool to create '.robot' scripts. Sanitization: None; the agent is not instructed to validate or escape user input before interpolation.
  • [Command Execution] (LOW): The skill automates the creation of '.robot' scripts. While it does not execute them directly, it acts as a vector for malicious code to enter the system.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:07 PM