idempiere-retail-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The retail analytics section (analytics-kpis.md) introduces an AI-to-SQL natural language query (NLQ) feature. It ingests untrusted natural language and turns it into database queries, so any instruction embedded in that input can steer the SQL the model produces; this makes it a prime target for prompt injection. Evidence: (1) Ingestion point: NLQ for retail KPIs. (2) Boundary markers: none; nothing separates the skill's instructions from the text the model is asked to translate. (3) Capability: dynamic SQL execution. (4) Sanitization: basic whitelisting and read-only access are suggested, but no concrete sanitization logic is provided.
- [Dynamic Execution] (MEDIUM): The skill generates SQL dynamically from non-deterministic model output. The resulting SQL string must be validated before execution (a single read-only statement, allowlisted tables only, no stacked statements or comments, a row cap) to prevent unauthorized data access or modification.
- [Data Exposure] (SAFE): The skill correctly identifies and warns against storing sensitive payment data such as PAN/CVV and recommends minimizing PII.
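As an added example (not code from the idempiere-retail-expert skill or from iDempiere), the following Python gate shows the validation the two findings above call for: the model-generated SQL is rejected unless it is a single read-only SELECT over an allowlisted set of tables with no stacked statements or comment markers, and it is executed on a connection that refuses writes regardless of what the validator let through. The NLQ feature handing over a SQL string, the allowlist, and the in-memory schema are all assumptions; the table names (c_order, m_product, ad_user) are borrowed from iDempiere's schema only to make the constructed sample realistic.

```python
"""Gate for LLM-generated SQL before it reaches the database.

Added example, not code from idempiere-retail-expert or iDempiere. Assumptions:
a hypothetical NLQ feature hands us the SQL string the model produced; the
allowlist and the in-memory schema below are constructed stand-ins that reuse
iDempiere table names (c_order, m_product, ad_user) for realism only.
"""
import re
import sqlite3

# Hypothetical allowlist: only the KPI tables the NLQ feature may read.
ALLOWED_TABLES = {"c_order", "m_product"}
MAX_ROWS = 1000

# Keywords that change state or leave the SELECT sandbox. Checked on the full
# text, so a hit inside a string literal is rejected too (conservative by design).
FORBIDDEN = re.compile(
    r"\b(insert|update|delete|drop|alter|create|truncate|grant|revoke|"
    r"attach|detach|pragma|exec|execute|into|vacuum)\b",
    re.IGNORECASE,
)
COMMENT = re.compile(r"--|/\*")
TABLE_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_][A-Za-z0-9_.]*)", re.IGNORECASE)


class RejectedSQL(ValueError):
    """Raised when generated SQL fails the gate; the reason is logged, never executed."""


def validate_generated_sql(sql: str) -> str:
    """Return a single read-only SELECT with a row cap, or raise RejectedSQL."""
    if COMMENT.search(sql):
        raise RejectedSQL("comment markers are not allowed in generated SQL")
    text = sql.strip().rstrip(";").strip()
    if ";" in text:
        raise RejectedSQL("stacked statements are not allowed")
    if not re.match(r"(select|with)\b", text, re.IGNORECASE):
        raise RejectedSQL("only SELECT statements are allowed")
    if FORBIDDEN.search(text):
        raise RejectedSQL("forbidden keyword in generated SQL")
    # Every FROM/JOIN target must be on the allowlist; a UNION against another
    # table is caught here because its FROM clause is scanned as well.
    referenced = {t.lower().split(".")[-1] for t in TABLE_REF.findall(text)}
    unknown = referenced - ALLOWED_TABLES
    if unknown:
        raise RejectedSQL(f"table(s) outside allowlist: {sorted(unknown)}")
    if not re.search(r"\blimit\s+\d+$", text, re.IGNORECASE):
        text = f"{text} LIMIT {MAX_ROWS}"  # cap rows even if the model forgot
    return text


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the KPI schema, opened query-only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE m_product (m_product_id INTEGER, name TEXT);
        CREATE TABLE c_order (c_order_id INTEGER, m_product_id INTEGER, grandtotal REAL);
        CREATE TABLE ad_user (ad_user_id INTEGER, name TEXT, password TEXT);
        INSERT INTO m_product VALUES (1, 'Espresso'), (2, 'Latte');
        INSERT INTO c_order VALUES (10, 1, 3.5), (11, 2, 4.0), (12, 1, 3.5);
        INSERT INTO ad_user VALUES (100, 'admin', 'hash-goes-here');
        """
    )
    # Second layer: the connection itself refuses writes, so a validator bypass
    # still cannot modify data (SQLite-specific; on PostgreSQL/Oracle under
    # iDempiere this would be a read-only database role instead).
    conn.execute("PRAGMA query_only = ON")
    return conn


def gated_query(conn: sqlite3.Connection, generated_sql: str):
    """Validate, then execute. Returns ("ok", rows) or ("rejected", reason)."""
    try:
        safe_sql = validate_generated_sql(generated_sql)
    except RejectedSQL as exc:
        return ("rejected", str(exc))
    return ("ok", conn.execute(safe_sql).fetchall())


def write_is_blocked(conn: sqlite3.Connection) -> bool:
    """True if the connection rejects a write even with the validator bypassed."""
    try:
        conn.execute("DELETE FROM c_order")
    except sqlite3.OperationalError:
        return True
    return False


# Constructed model outputs: one honest answer and three injected ones.
LEGIT = ("SELECT p.name, SUM(o.grandtotal) AS revenue FROM c_order o "
         "JOIN m_product p ON o.m_product_id = p.m_product_id "
         "GROUP BY p.name ORDER BY p.name")
STACKED = "SELECT name FROM m_product; DROP TABLE c_order"
EXFIL = "SELECT name, password FROM ad_user"
HIDDEN = "SELECT name FROM m_product /* UNION SELECT password FROM ad_user */"

if __name__ == "__main__":
    db = build_demo_db()
    for candidate in (LEGIT, STACKED, EXFIL, HIDDEN):
        print(gated_query(db, candidate))
    print("writes blocked:", write_is_blocked(db))
```

Running the script prints one verdict per candidate: the revenue query succeeds with a LIMIT appended, the stacked DROP, the ad_user read and the comment-hidden UNION are all rejected, and the final line confirms the connection refuses a DELETE on its own. The regex checks are deliberately conservative (a literal string containing "update" is rejected rather than parsed); a production gate would use a real SQL parser for the structural checks and keep the read-only connection as the independent second layer.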
Recommendations
- AI analysis detected serious security threats; see Full Analysis above for the findings and the validation they require.
Audit Metadata