managing-dotfiles
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The yadm bootstrap command executes the script at ~/.config/yadm/bootstrap, which is typically sourced from an external repository via yadm pull. This creates a direct vector for executing arbitrary code from a remote source.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses yadm enter to execute commands like pre-commit within the repository context, which can be leveraged to run local binaries or scripts.
- [DATA_EXFILTRATION] (MEDIUM): The agent can push home directory files to a remote git repository. This functionality can be abused to exfiltrate sensitive files, such as SSH keys or environment variables, if the agent is directed to a malicious remote.
- [PERSISTENCE_MECHANISMS] (HIGH): The skill specifically targets shell and terminal configuration files (e.g., .config/fish/, .vimrc, .tmux.conf). Modifying these files allows an attacker to ensure malicious code runs every time the user opens a terminal or starts a session.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from remote repositories without sanitization.
- Ingestion points: yadm pull from remote git repositories.
- Boundary markers: None.
- Capability inventory: File writing to $HOME, execution via bootstrap and yadm enter, network access via git push/pull.
- Sanitization: None; assumes the remote repository is fully trusted.
Audit Metadata