wren-query
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses string interpolation to build bash commands from user input, specifically the `$ARGUMENTS` variable in `uv run wren --sql '$ARGUMENTS'`. This is a command injection vulnerability if the input contains shell-escaping characters like single quotes.
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read `~/.wren/connection_info.json`, which is a configuration file containing sensitive database credentials including host, username, and plaintext password.
- [DATA_EXFILTRATION]: The access to local credential files combined with a command injection vulnerability creates a significant risk where credentials or database content could be exfiltrated.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion point: user-provided SQL queries in `$ARGUMENTS`.
  2. Boundary markers: Absent in command construction and instructions.
  3. Capability inventory: `Bash` execution and `Read` operations.
  4. Sanitization: Absent in the provided skill instructions.
Recommendations
- AI detected serious security threats
Audit Metadata