pocketbase-operations
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes bash scripts (`scripts/pb_healthcheck.sh` and `scripts/pb_request.sh`) that execute shell commands using variables provided by the environment or agent instructions.
  - Evidence: `curl -sS -X "$method" "$url"` in `scripts/pb_request.sh` and `curl -sS -o /tmp/pb-health.json` in `scripts/pb_healthcheck.sh`.
  - Risk: Standard utility scripts that rely on the agent to correctly populate method and path arguments. Malicious manipulation of these arguments could lead to unintended network operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and displays raw data from external API responses.
  - Ingestion points: `scripts/pb_healthcheck.sh` and `scripts/pb_request.sh` print the raw JSON output from the PocketBase API to the console.
  - Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore instructions that might be embedded in the API response bodies.
  - Capability inventory: The skill has the capability to perform authenticated administrative requests and write to the local filesystem (`/tmp`).
  - Sanitization: Absent. The scripts do not filter or validate the content of the API responses before presenting them to the agent context.
Audit Metadata