skills/lobehub/lobe-chat/desktop/Gen Agent Trust Hub

desktop

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The developer guide for local tools in references/local-tools.md provides a template for file operations that is vulnerable to path traversal. The LocalFileCtr implementation in apps/desktop/src/main/controllers/LocalFileCtr.ts uses path.join with the newName parameter without performing any sanitization or validation, which could allow an attacker to manipulate files outside the intended scope.
  • Ingestion points: The renameFile tool manifest in references/local-tools.md defines parameters (oldPath, newName) that accept untrusted input.
  • Boundary markers: No specific boundary markers or instruction-following delimiters are implemented in the provided IPC controller examples.
  • Capability inventory: The skill utilizes fs/promises for direct file system modification (fs.rename) within the Electron main process.
  • Sanitization: While general 'Best Practices' in SKILL.md mention validating inputs, the specific code templates provided for the agent to follow in references/local-tools.md lack sanitization logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:16 AM
Security Audit — agent-trust-hub — desktop