sqlite-notes
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The `setup.sh` script performs standard filesystem and database initialization tasks. It creates a local directory and pipes SQL files into the `sqlite3` CLI. While it executes shell commands, it does not download external content, attempt privilege escalation, or access sensitive system paths.
- [INDIRECT PROMPT INJECTION] (LOW): The script explicitly sets `PRAGMA trusted_schema=ON;`. This setting is often required for Full Text Search (FTS5) triggers to function correctly, but it also allows the database to execute SQL functions within triggers and views that would otherwise be restricted. This represents a minor increase in attack surface if the database is used to store and process unsanitized content from untrusted external sources (e.g., web scraping results stored as notes).
Audit Metadata