Skills
skills/aplaceforallmystuff/minervia-starter-kit/minervia-restore/Gen Agent Trust Hub

minervia-restore

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local shell script at ~/.minervia/bin/minervia-update.sh using the Bash tool to perform backup management tasks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes untrusted data from the local filesystem to construct commands.
  • Ingestion points: The agent reads the output of the --list-backups command, which reflects directory names found in ~/.minervia/backups/.
  • Boundary markers: Absent. There are no delimiters or instructions to treat the backup list as literal data.
  • Capability inventory: The skill has access to the Bash tool, which is used to execute the --restore operation.
  • Sanitization: None. The agent is instructed to use the provided timestamp directly in a shell command without validation or escaping, which could allow command injection if a directory name contains shell metacharacters.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 12:56 AM