Skills
skills/mathews-tom/armory/filesystem/Gen Agent Trust Hub

filesystem

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation encourages the use of the Bash tool for various filesystem management tasks, including directory creation (mkdir -p), file moving (mv), and file deletion (rm -r). It also mentions the use of chmod for resolving permission issues.
  • [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface (Category 8) as it provides instructions for reading and processing external data from the filesystem (via Read and Grep) and then performing actions like Edit or Write based on that content.
  • Ingestion points: Read and Grep tools (documented in SKILL.md)
  • Boundary markers: None mentioned; the skill does not instruct the agent to use delimiters or ignore instructions within files.
  • Capability inventory: Write, Edit, and Bash tools (documented in SKILL.md)
  • Sanitization: None mentioned.
  • [DATA_EXFILTRATION]: The skill enables a broad data access surface by instructing the agent on how to read various file formats, including source code, PDFs (text extraction), and images (visual display), without sandbox restrictions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 06:25 AM
Security Audit — agent-trust-hub — filesystem