update-graft-inventory

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands, including grep, jq, awk, and git. Most significantly, it uses npx wrangler to execute SQL queries directly against a production Cloudflare D1 database (grove-engine-db). These commands allow for reading production state and applying migration files to the remote database.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external sources—specifically local SQL migration files and output from production database queries. This data is then used to update the repository's metadata files and TypeScript definitions. There are no explicit sanitization steps or boundary markers to prevent malicious instructions embedded in database fields (like names or descriptions) from influencing agent behavior.
  • Ingestion points: Local SQL migration files (libs/engine/migrations/*.sql) and remote query results from Cloudflare D1.
  • Boundary markers: Absent; the data is interpolated directly into prompts and files.
  • Capability inventory: Execution of SQL commands on a production database and modification/committing of source code.
  • Sanitization: No validation is performed on the ingested data before it is written to JSON or TypeScript files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 06:24 PM