spool
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses potentially sensitive system data through spool file content retrieval.
- The
read_spooled_file_datatool intools/spool.yamluses theSYSTOOLS.SPOOLED_FILE_DATAtable function to extract raw text lines from IBM i spooled files. Spooled files are a common source of sensitive business reports, system logs, and transaction details. - The database connection configuration in
tools/spool.yamlspecifiesignore-unauthorized: true, which disables SSL certificate verification and could expose data to man-in-the-middle attacks in insecure environments. - [PROMPT_INJECTION]: Potential for indirect prompt injection when processing data from external spool files.
- Ingestion points: The
read_spooled_file_datatool (defined intools/spool.yaml) reads untrusted text data from the system into the agent's context. - Boundary markers: The skill does not implement boundary markers or instructions to isolate the retrieved data from the agent's control flow.
- Capability inventory: The skill provides access to system management tools and arbitrary SQL execution via the
ibmiCLI as documented inSKILL.md. - Sanitization: There is no evidence of filtering or sanitizing the text content of spooled files before presentation to the agent.
Audit Metadata