salvo-file-handling

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'Single File Upload', 'Multiple Files', and 'OpenAPI File Upload' examples use user-provided filenames (file.name()) directly in file system operations via tokio::fs::copy without sanitization, enabling Path Traversal for arbitrary file writes.
  • [DATA_EXFILTRATION]: The basic 'File Downloads' handler uses a request parameter (req.param("filename")) directly to build a path for NamedFile::builder, allowing attackers to potentially read arbitrary system files via Path Traversal.
  • [COMMAND_EXECUTION]: The 'Raw Body Upload' section uses a query parameter directly as a filename for tokio::fs::File::create, facilitating arbitrary file creation in the uploads/ directory or elsewhere on the system.
  • [PROMPT_INJECTION]: The skill provides endpoints that ingest untrusted data from web requests and perform file system operations, creating a surface for indirect prompt injection.
      • Ingestion points: Request parameters, query strings, and multipart metadata in SKILL.md.
      • Boundary markers: Absent in the vulnerable code snippets.
      • Capability inventory: Uses tokio::fs::copy, tokio::fs::File::create, and salvo::fs::NamedFile across multiple handler implementations.
      • Sanitization: Absent in most examples, although correctly demonstrated in the 'Protected Downloads' section.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 06:49 AM