file-intel
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill takes a user-supplied folder path and interpolates it directly into a bash command: python scripts/process_files_with_gemini.py <folder_path>. Because there is no evidence of input sanitization or shell escaping, an attacker could provide a path containing shell metacharacters (e.g., ;, &&, or |) to execute arbitrary commands on the system.
- [PROMPT_INJECTION]: The skill's primary purpose is to ingest and summarize external documents (PDF, DOCX, CSV, etc.), creating a surface for indirect prompt injection. Maliciously crafted content within these files could override agent instructions during the processing or summarization phase.
- Ingestion points: Processes all files within a user-specified folder (including binary and text formats).
- Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the files.
- Capability inventory: Execution of Python scripts and shell commands (open).
- Sanitization: No sanitization or validation of file content is described before the data is passed to the processor.
Recommendations
- AI detected serious security threats
Audit Metadata