folder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes local shell commands including ls, awk, and cat to retrieve directory listings and generate the visualization output. This is consistent with the primary purpose of a folder browser.
  • [DATA_EXFILTRATION] (LOW): The skill accesses the local file system to list all files, including hidden files and sensitive configuration files like .env. While it does not exfiltrate this data over the network, it exposes sensitive file paths and names to the UI and agent context.
  • [PROMPT_INJECTION] (LOW): The skill contains a surface for indirect prompt injection.
      • Ingestion points: File and directory names are read directly from the filesystem via ls -la in the provided bash script.
      • Boundary markers: The skill uses <!-- FOLDER:START --> markers for the UI panel but fails to escape or quote individual file names when interpolating them into the HTML string.
      • Capability inventory: The skill possesses file system read access and the ability to render arbitrary HTML in the A2UI sidecar.
      • Sanitization: Absent. Maliciously named files (e.g., containing script tags or HTML comments) could disrupt the UI or inject instructions into the agent's visual context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:33 PM