file-organizer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes powerful system commands including
find,mv,mkdir,ls, andduto manipulate the local file system. While these are necessary for the primary purpose of file organization, they provide the agent with significant control over local data. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to how it processes local data:
- Ingestion points: The skill reads file names, file types, and directory structures from the local filesystem (SKILL.md, Instructions Step 2 and 4).
- Boundary markers: Absent. There are no explicit instructions to ignore potentially malicious content embedded in file names or metadata.
- Capability inventory: The skill possesses the ability to create directories (
mkdir), move/rename files (mv), and execute complex search/hash commands (find,md5). - Sanitization: Absent. The instructions do not specify sanitization or validation of file names before they are used in shell commands, relying on standard agent quoting.
Audit Metadata