file-tools
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides a mechanism to write arbitrary content to specified paths.
  - Ingestion points: The arguments passed to the write_sample.sh script (message and path) via the workspace shell.
  - Boundary markers: None identified in the script or instructions to delimit untrusted content.
  - Capability inventory: Shell script execution with file writing (printf redirect) and directory creation (mkdir) capabilities.
  - Sanitization: No explicit validation or escaping of the provided message or output path within the script.
- Command Execution (INFO): The skill is designed to run common shell commands like ls and tar. This is an intended capability but is noted as it provides direct interaction with the workspace shell environment.
Audit Metadata