create-symlink

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates for executing OS-level commands to manipulate the file system.
      • Evidence: Commands such as ln -s, mklink, and New-Item -ItemType SymbolicLink are provided in SKILL.md and USAGE.md for different operating systems.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by interpolating user-provided data into executable command templates.
      • Ingestion points: User-provided 'source' and 'target' file paths (as described in SKILL.md and QUICK-REF.md).
      • Boundary markers: No delimiters or warnings are provided to prevent the agent from interpreting malicious characters within the paths.
      • Capability inventory: Subprocess execution for PowerShell, CMD, and Bash commands.
      • Sanitization: There is no mention of path validation, escaping, or sanitization to prevent command injection (e.g., using ;, &&, or | in paths).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 08:14 PM