exfat-ntfs
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute high-privilege system commands using
sudo, including formatting partitions (mkfs.exfat,mkntfs), repairing filesystems (ntfsfix), and modifying system configuration files like/etc/fstab. These operations are sensitive and can result in accidental data loss if applied to incorrect device paths. - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection.
- Ingestion points: Filesystem metadata, labels, and device information retrieved via
lsblk,blkid, andfdiskinSKILL.md. - Boundary markers: None present to delimit untrusted drive data from instructions.
- Capability inventory: Subprocess calls for disk formatting, mounting, and user modification (
sudo usermod) inSKILL.md. - Sanitization: No validation or sanitization of external metadata is mentioned before the agent processes it.
- Ingestion points: Filesystem metadata, labels, and device information retrieved via
- [EXTERNAL_DOWNLOADS]: The documentation references external GitHub repositories for filesystem utilities such as
exfatprogsandntfs-3g. These are well-known technology projects, and the skill correctly recommends using official Linux distribution package managers for their installation.
Audit Metadata