stonebraker-database-architecture

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [OBFUSCATION]: The main header in 'SKILL.md' contains a sequence of hidden zero-width characters (U+200B, U+200C, U+200D, U+2060) that encode a significant amount of invisible data. This data follows the text '# Michael Stonebraker Style Guide' and is wrapped in specific markers (U+2060, U+200D, U+2060). Binary decoding reveals patterns such as 'SK1LL' followed by additional data, indicating a hidden payload.
  • [PROMPT_INJECTION]: The use of zero-width character obfuscation within an instruction-bearing file is a high-risk indicator for prompt injection. This technique allows the author to provide hidden instructions to the AI that are not visible to human reviewers, which can be used to bypass safety filters or alter agent behavior without detection.
  • [INDIRECT_PROMPT_INJECTION]: The 'WriteAheadLog' code pattern in 'SKILL.md' accepts a 'log_path' parameter and performs file system operations, including 'open(log_path, "ab")' and 'os.fsync()'. This creates a potential vulnerability surface where an attacker-controlled file path could lead to arbitrary file writes or data corruption.
      ◦ Ingestion points: 'log_path' parameter in the 'WriteAheadLog' class (SKILL.md).
      ◦ Boundary markers: Absent in the provided code snippets.
      ◦ Capability inventory: File creation and append access ('open'), and data persistence enforcement ('fsync').
      ◦ Sanitization: No path validation or sanitization is present in the example code.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 9, 2026, 09:56 AM