zip-bundling
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill's primary function is to bundle arbitrary files and directories into ZIP archives for external sharing. It specifically suggests including sensitive architecture and security documents, which could lead to the exposure of confidential information.
- [COMMAND_EXECUTION]: The skill references script files using path traversal (e.g., ../../../scripts/bundle_zip.py). This allows the agent to execute code from the host environment that is not contained within the skill package itself.
- [REMOTE_CODE_EXECUTION]: The manifest_manager.py script implements logic to traverse up the directory tree to find a project root, enabling it to access and bundle files from the entire user environment instead of being restricted to the skill's own directory.
- [CREDENTIALS_UNSAFE]: The skill's instructions encourage zipping configuration templates like .env.example, which increases the risk of users accidentally packaging real .env files containing sensitive API keys and credentials.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: Disk file reading via manifest paths in SKILL.md.
  2. Boundary markers: No delimiters or warnings used when reading files.
  3. Capability inventory: File reading and ZIP creation.
  4. Sanitization: No content validation or filtering performed on the files being bundled.
Recommendations
- AI detected serious security threats
Audit Metadata