idempiere-ai
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill defines a process for converting natural language user input into SQL queries for a PostgreSQL database.
  - Ingestion points: Natural language user prompts (identified in references/ai-in-idempiere.md).
  - Boundary markers: Recommends instructions like 'Solo lectura', 'Whitelist de views', and 'NO_PUEDE_RESPONDER' on failure to constrain LLM behavior.
  - Capability inventory: Direct execution of generated SQL statements on an iDempiere database (references/control-tower-template.md).
  - Sanitization: Relies on architectural defenses such as database-level permissions, whitelisted semantic views, and Row-Level Security (RLS).
- Command Execution (HIGH): The skill facilitates the dynamic generation and execution of SQL commands based on external model outputs, which could be exploited to access sensitive records or bypass application-level business logic if the underlying prompt is successfully manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata