Skills
skills/zenless-lab/skills/chezmoi-creator/Gen Agent Trust Hub

chezmoi-creator

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses a 'curl | sh' pattern to install the chezmoi tool from https://get.chezmoi.io. This is documented in SKILL.md and implemented in the assets/codespaces/install.sh script.
  • [COMMAND_EXECUTION]: Instructions in SKILL.md suggest using sudo to install the tool to /usr/local/bin, which involves executing shell commands with elevated system privileges.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the official installation script for the chezmoi tool from https://get.chezmoi.io.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it is designed to ingest and process untrusted local data such as dotfiles and templates.
  • Ingestion points: dot_gitconfig.tmpl, dot_zshrc, and other target files handled via 'chezmoi add' and 'chezmoi edit' (referenced in SKILL.md and references/commands.md).
  • Boundary markers: Absent; the agent is instructed to process and render file content directly without delimiters or safety warnings for the data itself.
  • Capability inventory: The skill has access to shell execution via sh and sudo (SKILL.md), and it utilizes 'chezmoi apply' which can execute managed lifecycle scripts (run_ once/onchange).
  • Sanitization: No sanitization or validation of the ingested dotfile or template content is implemented.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 01:29 AM