file-deletion-rules
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill uses directive language ('Apply without confirmation') to override the agent's standard behavior of seeking user confirmation for destructive actions like file deletion.- [Command Execution] (LOW): The deletion process involves executing shell commands ('git stash', 'git rm') with interpolated placeholders for reasons and filenames. Without explicit sanitization instructions, this creates a surface for command injection if malicious strings are provided as input.- [Indirect Prompt Injection] (LOW): Mandatory Evidence Chain:
- Ingestion points: The '' and '' placeholders in SKILL.md process user-provided strings.
- Boundary markers: Absent. No delimiters or instructions to treat input as literal strings are provided.
- Capability inventory: The skill utilizes subprocess calls to git for stashing and removal.
- Sanitization: Absent. The skill does not instruct the agent to escape or validate the contents of the reason or file lists before execution.
Audit Metadata