zeabur-file

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Uses npx to download and execute the zeabur CLI tool from the npm registry to perform file operations.
  • [EXTERNAL_DOWNLOADS]: Retrieves project archives from Zeabur servers based on user-provided upload identifiers using the file pull command.
  • [COMMAND_EXECUTION]: Employs standard shell utilities such as ls, cat, and find to explore the contents of the downloaded project. The use of <upload_id> in shell commands could lead to command injection if the identifier extracted from the user message is not properly validated by the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the contents of untrusted project files.
  • Ingestion points: User-uploaded files are pulled into the local /tmp/project directory (SKILL.md).
  • Boundary markers: Absent; the instructions do not specify delimiters or warnings to ignore instructions found within the downloaded files.
  • Capability inventory: The agent can list files, read contents, and execute shell commands within its environment (SKILL.md).
  • Sanitization: None; the skill reads file content directly into the agent context for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 03:23 AM
Security Audit — agent-trust-hub — zeabur-file