file-intel
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run
python scripts/process_files_with_gemini.py <folder_path>where the path is provided by the user. There are no instructions for input validation or shell escaping, which allows an attacker to execute arbitrary system commands by providing a folder path containing shell metacharacters (e.g.,;,|, or&&). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it extracts and summarizes content from various external file formats (PDF, DOCX, CSV, Python, etc.).
- Ingestion points: Files within the user-specified folder are read and processed (SKILL.md).
- Boundary markers: Absent; the instructions do not specify any delimiters or safety prompts to prevent the LLM from following instructions embedded within the files being processed.
- Capability inventory: The skill has the ability to execute shell commands and open local file paths.
- Sanitization: No sanitization of the file content is described before the content is passed to the Gemini processor.
Recommendations
- AI detected serious security threats
Audit Metadata