Oracle ADK Expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): Indirect prompt injection vulnerability surface detected in core architecture patterns.
  - Ingestion points: Processes untrusted external content from slack_app.event('message') and the FastAPI chat_endpoint('message') handler.
  - Boundary markers: Code snippets lack delimiters or instructions to ignore embedded commands in user input.
  - Capability inventory: Agents are granted capabilities to query databases via SQLTool and to access CRM data via the get_customer_data function tool.
  - Sanitization: No evidence of input validation or sanitization before passing untrusted strings to the agent's execute or send methods.
- Credentials Unsafe (HIGH): The skill provides patterns for accessing sensitive credential files.
  - Evidence: Explicitly directs the agent to load credentials from ~/.oci/config using oci.config.from_file.
- Command Execution (MEDIUM): Implements dynamic execution of database queries.
  - Evidence: Uses oci_adk.tools.SQLTool, which generates and executes SQL commands based on agent reasoning over user-provided data.
- False Positive (INFO): The automated scan alert for 'logger.info' is a false positive.
  - Details: The scanner flagged logger.info as a malicious URL, but the file content shows it is a standard Python logging call: logger.info(f"Calling tool: {tool}").
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata