config-backup
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Bash commands (zip and unzip) to perform its core functions. This creates an attack surface where maliciously crafted filenames or paths in the local environment could be exploited if the agent does not strictly validate these inputs during command construction.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected. The skill processes an external XML file to retrieve backup history and descriptions, which could contain malicious instructions. 1. Ingestion points: .backups/idea/backup-log.xml (SKILL.md). 2. Boundary markers: Absent; there are no explicit instructions to the agent to treat the content of the XML file as untrusted data or to ignore instructions embedded within it. 3. Capability inventory: Extensive file system access (read/write) and the ability to execute shell commands via Bash (SKILL.md). 4. Sanitization: The skill definition does not describe any validation or escaping of the metadata retrieved from the log file before it is presented to the user or processed by the model.
Audit Metadata