doc-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attacks.
  - Ingestion points: The agent reads the first 50 lines of existing markdown files in the `docs/` directory to suggest categories.
  - Boundary markers: There are no explicit markers or instructions telling the agent to treat the document content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The agent has access to the `Bash` tool, allowing it to create directories and move files within the repository.
  - Sanitization: The content read from the files is not sanitized or escaped before being processed by the agent's logic.
- [COMMAND_EXECUTION]: The skill executes shell commands via the `Bash` tool.
  - The skill uses `mkdir -p` and `git mv` to reorganize files. These commands are constructed using file names and category names. If a file name is maliciously crafted with shell metacharacters (e.g., semicolons or backticks), it could lead to unintended command execution if the underlying tool implementation does not properly sanitize inputs.
Audit Metadata