borumi-project
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection because it processes untrusted data from external SQLite databases.
  - Ingestion points: Data is read from the 'script' field in the 'scenes' table and other metadata via sqlite3 queries (e.g., 'SELECT script FROM scenes') in SKILL.md.
  - Boundary markers: No delimiters or instructions are provided to the agent to treat the retrieved database content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill uses sqlite3 to perform both read and write operations on the local file system, as seen in the UPDATE and INSERT examples in SKILL.md.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from the database before it is processed or displayed.
- [COMMAND_EXECUTION] (MEDIUM): The skill facilitates shell command execution using the sqlite3 utility.
  - Risk: The examples provided in SKILL.md use string interpolation for file paths and SQL parameters. If these are derived from untrusted input without proper escaping, this could lead to SQL injection or shell command injection.
Recommendations
- AI detected serious security threats
Audit Metadata