fzf-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides numerous templates in resources/06-recipes.md and resources/07-advanced-patterns.md that execute shell commands (e.g., kill, vim, docker exec) based on interactive selections. This is the intended purpose of the fzf tool but involves dynamic command assembly.
- INDIRECT_PROMPT_INJECTION (LOW): Several recipes process external data from the file system, git history, and process lists, which are then interpolated into command strings. Evidence:
  1. Ingestion points: fd, ps, git, and docker commands in resources/06-recipes.md.
  2. Boundary markers: absent in the provided templates.
  3. Capability inventory: file system access, process termination, and container execution.
  4. Sanitization: relies on fzf's internal tokenization; the templates do not include additional shell escaping for selected items.
- SAFE (SAFE): Includes references to installing standard third-party tools (bat, fd, rg) through system package managers, but the skill itself does not perform any automated external downloads or network exfiltration.
Audit Metadata