Directus AI Assistant Integration

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH · COMMAND_EXECUTION · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): SQL Injection in findSimilar method. The collection parameter is directly interpolated into a knex.raw query string (FROM ${collection}). If the collection argument is influenced by user input, an attacker can execute arbitrary SQL commands, bypass security filters, or access unauthorized data.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surfaces in generateContent, analyzeSentiment, and generateSuggestions. User-provided strings (input, text, context) are interpolated directly into prompts (e.g., `` `...content:\n\n${input}\n\nTitle:` ``) without delimiters or instructions to ignore embedded commands.
      • Ingestion points: input (generateContent), text (analyzeSentiment), context (generateSuggestions).
      • Boundary markers: Absent. Content is separated only by newlines.
      • Capability inventory: Database read/write via knex, OpenAI API usage.
      • Sanitization: None detected.
  • [SAFE] (INFO): The automated scan alert for this.ca appears to be a false positive caused by a string matching overlap with the internal property this.conversationCache.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:13 PM