support-analytics

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION
REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The SKILL.md file explicitly directs the agent to execute system commands: sqlite3 data/tickets.db "SELECT ...". Because the agent-authored query is interpolated into a shell command line, this can be turned into arbitrary command execution in two ways: the sqlite3 command-line shell executes any argument that begins with a dot as a meta-command (for example .shell, which runs a system command), and shell metacharacters inside the query string (a closing double quote followed by a semicolon, $(...) or backticks) break out of the quoted argument and are interpreted by the shell before sqlite3 ever sees them.
  • [REMOTE_CODE_EXECUTION] (HIGH): The instructions tell the agent to "construct a simple SELECT" query when the pre-built queries are insufficient. Nothing requires the generated query to be validated, limited to a single read-only statement, or to bind values as parameters, so any ticket field, user request or other untrusted text the agent folds into the query text is a direct SQL injection vector. On its own that means unauthorized data access; combined with the shell invocation above, it is a path to system compromise.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill presents a significant attack surface because it combines ingestion of data the skill did not author with a high-privilege capability. Evidence chain:
    1. Ingestion points: the agent reads ticket content from data/tickets.db (defined in SKILL.md).
    2. Boundary markers: no markers separate retrieved data from instructions, so ticket text that is phrased as an instruction is indistinguishable from the skill's own instructions.
    3. Capability inventory: the agent has shell execution access via the sqlite3 command (defined in SKILL.md).
    4. Sanitization: no sanitization or escaping of database content or user input is mentioned.
Recommendations
  • AI detected serious security threats. Closing the gaps named in the findings means: invoking SQLite through a library binding rather than the sqlite3 shell command, so no shell metacharacters or dot-commands are reachable; opening data/tickets.db read-only; accepting only a single SELECT statement from the agent and binding values as parameters instead of splicing them into the query text; and wrapping retrieved ticket content in explicit boundary markers so the model treats it as data, not instructions.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:38 PM