file-organizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill presents a high Indirect Prompt Injection risk (Category 8) because it processes untrusted file metadata (names, types) and possesses high-impact write capabilities.
  * Ingestion points: Shell commands like `ls`, `find`, and `file` in SKILL.md ingest data from user-controlled directories.
  * Boundary markers: Absent; the skill lacks delimiters or instructions to isolate external data from the agent's internal reasoning.
  * Capability inventory: Subprocess calls including `mv`, `mkdir`, and duplicate deletion logic in SKILL.md allow for significant filesystem modification.
  * Sanitization: Absent; there is no evidence of path validation or filename escaping.
- DATA_EXFILTRATION (MEDIUM): The skill performs sensitive data exposure (Category 2) by systematically scanning folders such as the user home and Documents directory, including generating file hashes and size distributions. This creates a detailed map of sensitive local data.
- COMMAND_EXECUTION (LOW): The skill relies on shell command construction using user-provided directory paths, which serves as a potential injection vector if input is not strictly controlled by the agent runtime.
Recommendations
- AI detected serious security threats
Audit Metadata