dired
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
emacsclient --evalvia the Bash tool to send Lisp commands to a running Emacs process. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes file information from the conversation history.
- Ingestion points: Directory paths and file names from the conversation are interpolated into a Lisp command string.
- Boundary markers: No delimiters or specific instructions are provided to isolate file data from the Lisp code.
- Capability inventory: The
emacsclient --evalcommand has full access to the Emacs Lisp interpreter, which can execute system commands. - Sanitization: No sanitization or escaping of file names is performed, which could allow a maliciously named file (e.g., one containing quotes or parentheses) to execute unintended Lisp code.
Audit Metadata