rclone
Warn
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
sudoduring the installation process to acquire administrative privileges, which is required to install the rclone binary to system paths. - [REMOTE_CODE_EXECUTION]: The instructions and setup script fetch and execute a shell script directly from the official rclone domain (
https://rclone.org/install.sh). While this is a well-known source, executing remote scripts with root privileges carries inherent risk. - [EXTERNAL_DOWNLOADS]: The skill initiates downloads from the official rclone website to facilitate the installation of the management utility.
- [PROMPT_INJECTION]: The skill processes untrusted metadata such as file names and directory listings from remote cloud storage providers, creating a surface for indirect prompt injection. Ingestion points: File and directory listings retrieved via
rclone ls,rclone lsd, andrclone listremotes. Boundary markers: No explicit delimiters are used to wrap or sanitize the external data before it is processed by the agent. Capability inventory: The agent has the ability to execute shell commands (rclone), modify local and remote filesystems, and perform network requests. Sanitization: No validation or sanitization of remote filenames is performed, which could lead to instructions embedded in file names being interpreted by the agent.
Audit Metadata