desktop-commander-overview
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of persistent shell sessions and long-running processes through tools like `start_process` and `interact_with_process`.
  - Evidence: Examples include starting dev servers, managing OS processes, and using interactive shells to automate development tasks.
- [REMOTE_CODE_EXECUTION]: The agent is instructed on how to execute code and commands on remote machines and within local REPL environments.
  - Evidence: Descriptions of production debugging via SSH sessions and using local Node/Python runners to execute dynamic code chunks.
- [DATA_EXFILTRATION]: The skill enables access to sensitive files and network operations that could facilitate data movement outside the sandbox.
  - Evidence: Explicitly supports reaching directories beyond the workspace (e.g., Downloads, Documents) and establishing remote SSH connections to external servers.
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating a risk for indirect prompt injection attacks.
  - Ingestion points: Processes external data from log files (`tail -f`), large CSVs, production databases, and structured documents (Excel, PDF, Word XML).
  - Boundary markers: The instructions encourage summarizing actions for the user but do not specify technical delimiters to isolate untrusted data from the agent's instructions.
  - Capability inventory: The skill provides access to highly sensitive capabilities including file writes, persistent shell access, and remote SSH interaction.
  - Sanitization: No explicit content sanitization or instruction-filtering strategies are outlined for the data being read.
Audit Metadata