Skills
skills/terrylica/cc-skills/chezmoi-sync/Gen Agent Trust Hub

chezmoi-sync

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various chezmoi and git commands to detect drift and sync files. Evidence: Shell commands including chezmoi status, chezmoi diff, and chezmoi git -- push in SKILL.md.
  • [DATA_EXFILTRATION]: The skill pushes local file changes to a remote git repository, which involves transmitting potentially sensitive dotfile content over the network. Evidence: chezmoi git -- push in SKILL.md.
  • [CREDENTIALS_UNSAFE]: The skill accesses the chezmoi configuration file, which often contains sensitive environment details or repository URLs. Evidence: Accesses ~/.config/chezmoi/chezmoi.toml as mentioned in the notes.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted file content during the drift check process.
  • Ingestion points: The agent reads the output of chezmoi diff in Step 1 to identify changes.
  • Boundary markers: Absent; there are no instructions or delimiters to prevent the agent from following instructions embedded within the file diffs.
  • Capability inventory: The skill has access to the Bash tool for command execution and the Edit tool for file modification.
  • Sanitization: Absent; the content of the drifted files is processed directly by the agent without validation or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 08:45 PM