file-watcher
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands provided by the user or agent via arguments.
  - Evidence: In watch.sh, the command is executed using `eval "$COMMAND"` (line 228).
  - Evidence: In watch.js, the command is executed using `execSync(cmd, ...)` (line 79).
- [INDIRECT_PROMPT_INJECTION]: The skill processes file system data (filenames and paths) and interpolates it into the execution environment, creating a surface for command injection.
  - Ingestion points: File system event data (filenames and paths) in watch.sh (line 330) and watch.js (line 118).
  - Boundary markers: None present. The variables are passed directly into the environment.
  - Capability inventory: Arbitrary shell command execution via `eval` (Bash) and `execSync` (Node.js).
  - Sanitization: None. No shell-escaping is performed on file paths before they are made available to the shell environment. A file named with shell metacharacters (e.g., `; rm -rf /`) could trigger unintended command execution if the provided command string references the `$FILE` variable unsafely: the path becomes shell syntax when it is spliced into command text that is then handed to `eval` or `execSync` (for instance through a placeholder or a nested `sh -c`), whereas a quoted `"$FILE"` expansion is treated as data even under `eval`. Note that a filename cannot contain `/`, so `; rm -rf /` illustrates the metacharacters involved rather than a valid name; a payload targeting a relative path or `$HOME` would fit in a real filename.
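The following is an added example, not code from the file-watcher skill or from the audit. It models the two ways a watcher can hand a changed file's path to a user-supplied command and shows, with a constructed hostile filename, which one lets the name turn into shell syntax. The `{}` placeholder and the `FILE` variable name are assumptions for the demo; the skill's actual interpolation at watch.sh line 330 is not reproduced here.

```bash
#!/usr/bin/env bash
# Added example, not the file-watcher skill's own code. The "{}" placeholder
# and the FILE variable name are assumptions made for this demo.

# Vulnerable pattern: the path is spliced into the command text before eval,
# so every metacharacter in the filename is parsed as shell syntax.
run_vulnerable() {
    local template=$1 file=$2
    # textual substitution of the first "{}" with the path (POSIX expansions)
    local command=${template%%"{}"*}$file${template#*"{}"}
    eval "$command"
}

# Hardened pattern: the path travels as an environment variable and the
# command refers to it as "$FILE". eval still parses the command text, but
# the result of a parameter expansion is data and is never reparsed as
# commands, so the filename is inert. Quoting also prevents word splitting
# and globbing of the expanded path.
run_hardened() {
    local command=$1 file=$2
    ( FILE=$file; export FILE; eval "$command" )
}

# Run one pattern against a constructed hostile filename and report whether
# the injected "touch" fired. Prints "present" or "absent".
probe() {
    local runner=$1 template=$2
    local dir; dir=$(mktemp -d)
    local hostile='report.txt; touch injected'   # constructed filename carrying a payload
    : > "$dir/$hostile"                          # the file a watcher would report
    # the watcher is modelled as running with the watched directory as cwd
    ( cd "$dir" && "$runner" "$template" "$dir/$hostile" >/dev/null )
    if [ -e "$dir/injected" ]; then echo present; else echo absent; fi
    rm -rf "$dir"
}

vulnerable_result() { probe run_vulnerable 'echo changed: {}'; }
hardened_result()   { probe run_hardened  'echo changed: "$FILE"'; }

echo "placeholder substitution + eval: injected marker $(vulnerable_result)"
echo "env var + quoted \"\$FILE\":        injected marker $(hardened_result)"
```

The hardened form only closes the filename channel: the user-supplied command string itself is still executed verbatim, which is the separate COMMAND_EXECUTION finding above and is by design for this skill. The same distinction applies on the Node side: building a string for `execSync` from the path is the vulnerable shape, while passing the path through `env` or as an argv element to `execFileSync` keeps it as data.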
Audit Metadata