skill-refresh
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script refresh-all-skills.js is vulnerable to command injection because it interpolates unsanitized directory names into shell commands. Ingestion points: Directory names are read from the file system with fs.readdirSync in refresh-all-skills.js. Boundary markers: None are present to prevent shell metacharacters from escaping the command. Capability inventory: The script uses execSync to run shell commands and fs.rmSync to delete files. Sanitization: Folder names are neither escaped nor validated before they are interpolated into the eskill install command.
- [COMMAND_EXECUTION]: The script performs a destructive recursive deletion on a hardcoded system path. Evidence: In refresh-all-skills.js, fs.rmSync is called on C:/Users/Administrator/.emp-agent/skills with the recursive and force options enabled. Risk: This deletes all data in the target directory without any user prompt or confirmation.
Audit Metadata