dropbox
Fail
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides curl command templates that incorporate user-controllable placeholders such as
<file-path>,<folder-path>, and<local-file>. These templates are vulnerable to shell command injection if the agent interpolates malicious input into the shell environment without sanitization. - [DATA_EXFILTRATION]: The upload functionality enables the agent to read arbitrary local files (via the
--data-binary @<local-file>flag) and upload them to a remote Dropbox account. This capability could be exploited to exfiltrate sensitive files from the local filesystem if the agent is manipulated. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where malicious instructions could be embedded in file names or metadata within the Dropbox environment.
- Ingestion points: Folder listings, file metadata, and search results returned by the Dropbox API (SKILL.md).
- Boundary markers: No delimiters or instructions to ignore embedded commands are present.
- Capability inventory: Execution of shell commands via
curl, local file system writes to/tmp/, and reading local files for upload (SKILL.md). - Sanitization: No sanitization or validation of the content retrieved from the external API is performed before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: Fetches file content from Dropbox's official content API (
content.dropboxapi.com) and stores it in the local temporary directory (/tmp/downloaded_file).
Recommendations
- HIGH: Downloads and executes remote code from: https://content.dropboxapi.com/2/files/download - DO NOT USE without thorough review
Audit Metadata