managing-database-tests
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The instructions direct the agent to use the Read tool on {baseDir}/config/. This directory is a standard location for sensitive information including database credentials, API keys, and environment configuration files. Accessing these files exposes secrets to the agent's context and potentially to subsequent tool outputs.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection.
  - Ingestion points: The agent reads from {baseDir}/config/ and processes database content/test outcomes during the 'Analyze Results' phase (Step 3).
  - Boundary markers: Absent. There are no instructions or delimiters provided to prevent the agent from obeying commands embedded within the data it reads.
  - Capability inventory: The skill has access to the Bash(test:db-*), Write, and Edit tools, allowing for side effects and data modification based on injected instructions.
  - Sanitization: Absent. There is no evidence of filtering or sanitization of external data before it influences the agent's reasoning or reporting.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes a restricted bash tool, Bash(test:db-*). While the prefix provides a layer of security, the safety of the underlying scripts and their handling of potentially tainted parameters (derived from the database or config) is unverifiable. This could lead to command injection within the restricted namespace.
Recommendations
- AI detected serious security threats
Audit Metadata