database-test-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill lacks boundary markers or sanitization logic despite being designed to process untrusted external data such as database schemas and test code. This is critical because the skill is granted high-privilege capabilities (Bash, Write, Edit) that could be exploited by instructions embedded within the processed content.
- Ingestion points: User-provided code, configurations, and database patterns entering via requests for 'database test helper'.
- Boundary markers: Absent. No delimiters or 'ignore' instructions are provided to separate data from commands.
- Capability inventory: Bash, Write, Edit, Read, and Grep are explicitly allowed in the metadata.
- Sanitization: Absent. No instructions for validation or filtering are present.
- [Command Execution] (MEDIUM): The skill grants unrestricted access to the Bash shell tool. While no malicious commands are hardcoded, providing shell access for a general-purpose test helper increases the attack surface significantly without explicit scoping or safety constraints.
Recommendations
- AI detected serious security threats
Audit Metadata