smart-file-organizer

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The shell script scripts/rename-map.sh contains a code injection vulnerability. The rollback and reconcile commands interpolate the shell variable $MAP_PATH (which is derived from the user-provided target directory) directly into a Python script string executed via python3 -c. A target directory path containing single quotes and embedded Python commands could result in arbitrary code execution on the user's system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads up to 8KB of content from untrusted files to determine new filenames. Malicious instructions embedded within these files could attempt to influence the agent's renaming logic or project structure decisions.
      • Ingestion points: Step 3 of SKILL.md specifies reading the first 4KB of text files and 8KB of document files.
      • Boundary markers: No specific delimiters or safety instructions are used to isolate the file content from the agent's instructions.
      • Capability inventory: The agent has the capability to rename and move files and create directories via the scripts/rename-map.sh utility.
      • Sanitization: The skill lacks automated sanitization for file content, relying instead on a 'dry-run' iterative approval loop as a human-in-the-loop mitigation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 12, 2026, 01:36 AM